cPanel patches critical authentication bypass flaw after emergency warning
cPanel has released emergency security updates for a critical authentication bypass vulnerability affecting cPanel & WHM, cPanel DNSOnly, and WP Squared. The flaw is tracked…
BlueNoroff uses fake Zoom meetings and fileless PowerShell to target crypto firms
BlueNoroff, a financially motivated subgroup of North Korea’s Lazarus Group, has been linked to a new campaign targeting cryptocurrency and Web3 professionals through fake Zoom…
VECT 2.0 ransomware destroys large files instead of encrypting them
A newly analyzed ransomware strain called VECT 2.0 can permanently destroy large files instead of encrypting them in a recoverable way. Check Point Research found…
Google fixes critical Chrome flaws that could allow remote code execution
Google has released a Chrome security update for Windows, macOS, and Linux to fix 30 vulnerabilities, including multiple critical flaws that could allow remote attackers…
Hugging Face LeRobot flaw enables unauthenticated remote code execution
A critical vulnerability in Hugging Face LeRobot can let unauthenticated attackers run commands on systems that expose the framework’s async inference service to a network.…
CISA warns Windows Shell zero-click flaw is being exploited in attacks
CISA has added a Microsoft Windows Shell vulnerability, tracked as CVE-2026-32202, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw affects…
Vimeo confirms data breach after Anodot vendor compromise exposed user data
Vimeo has confirmed a security incident after an unauthorized actor accessed certain user and customer data through a breach involving Anodot, a third-party analytics provider.…
Minecraft players targeted by LofyStealer malware disguised as Slinky cheat
Minecraft players are being targeted by a new LofyStealer campaign that disguises malware as a cheat tool called Slinky. The attack uses the official Minecraft…
SLOTAGENT malware uses API hashing and encrypted strings to evade analysis
A newly identified malware family called SLOTAGENT is drawing attention because of its heavy use of anti-analysis techniques. Researchers say the malware hides Windows API…
Cursor AI coding agent flaw lets malicious repositories run code on developer machines
A Cursor vulnerability tracked as CVE-2026-26268 can let attackers run code on a developer’s machine through a malicious repository. The issue affects Cursor versions before…
November 21, 2025
1 comment 
