Critical PX4 autopilot flaw could let attackers send shell commands to drones
CISA has warned about a critical vulnerability in PX4 Autopilot that could let an attacker execute shell commands if they can reach the MAVLink interface.…
Oracle begins layoffs as it pours more money into AI infrastructure
Oracle has started laying off employees as it ramps up spending on AI data centers and cloud infrastructure, but there is no verified public evidence…
Cisco Smart Software Manager flaw lets attackers run commands as root
Cisco has disclosed a critical vulnerability in Smart Software Manager On-Prem that can let an unauthenticated remote attacker execute arbitrary commands on the underlying operating…
WhatsApp warns about fake app used in spyware campaign targeting users in Italy
WhatsApp has warned around 200 users that they were tricked into installing a fake version of the messaging app that contained spyware. Reuters reported that…
New ZAP PTK add-on sends browser security findings straight into ZAP alerts
OWASP ZAP has released version 0.3.0 of its OWASP PTK add-on, and the main change is a practical one: findings from the browser can now…
Apple expands iOS 18.7.7 to more devices to block DarkSword web attacks
Apple has expanded iOS 18.7.7 and iPadOS 18.7.7 to more devices after security researchers identified web-based attacks called DarkSword targeting older iPhone software. Apple says…
Microsoft details how to mitigate the Axios npm supply chain compromise
Microsoft says developers and organizations that installed the compromised Axios releases should assume exposure and act fast. In its April 1 guidance, Microsoft Threat Intelligence…
NoVoice malware hid in 50+ Google Play apps and reached at least 2.3 million downloads
A newly detailed Android malware campaign called Operation NoVoice hid inside more than 50 apps on Google Play and reached at least 2.3 million downloads…
CISA warns of actively exploited Chrome zero-day as Google ships fix
CISA has added a newly exploited Chrome vulnerability, CVE-2026-5281, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to address it by April 15,…
Hackers abuse DOCX, RTF, JavaScript, and Python in Boeing-themed RFQ malware campaign
A new phishing campaign is using fake Boeing request-for-quotation emails to infect procurement and sales targets with a multi-stage malware chain that ends in in-memory…
November 21, 2025
1 comment 
