OpenAI’s public pages still show ChatGPT ads as a U.S. test, not a global rollout
OpenAI’s own public documentation still describes ChatGPT ads as a U.S.-only test for now. The company says ads began as a limited rollout for logged-in…
Betterleaks launches as Gitleaks creator’s faster open-source successor for secrets scanning
Betterleaks, a new open-source secrets scanner from Gitleaks creator Zach Rice, has launched as a drop-in replacement for the older tool. Rice says the new…
OpenClaw flaws raise prompt injection and data theft risks for self-hosted AI agents
China’s internet emergency response authorities have warned that OpenClaw, the fast-growing open-source AI agent platform, can expose users and organizations to prompt injection, data leakage,…
Palo Alto links CL-STA-1087 to long-running espionage campaign against Southeast Asian militaries
A long-running cyber espionage campaign tied with moderate confidence to China has targeted military organizations in Southeast Asia since at least 2020, according to Palo…
Microsoft warns Storm-2561 uses fake VPN downloads in search results to steal enterprise credentials
Storm-2561 is using poisoned search results and fake VPN downloads to steal enterprise credentials, according to Microsoft. The campaign pushes users searching for trusted VPN…
CrackArmor flaws in Linux AppArmor let local users gain root and weaken container isolation
Qualys has disclosed nine security flaws in Linux’s AppArmor module that can let unprivileged local users manipulate security profiles, escalate privileges to root, and weaken…
Rust-based VENON malware hits 33 Brazilian banks with stealthy credential-theft overlays
A newly disclosed Windows banking trojan called VENON is targeting users in Brazil, and researchers say it marks a notable shift in the region’s cybercrime…
IBM links Hive0163 to AI-assisted Slopoly malware used for persistent access in ransomware attacks
IBM X-Force says a financially motivated threat cluster known as Hive0163 used a likely AI-generated malware family called Slopoly during a ransomware intrusion in early…
How CISOs can scale phishing detection in the SOC without burning out analysts
Phishing has become harder to catch early because many campaigns now use legitimate cloud services, polished sign-in pages, and encrypted traffic that looks normal at…
Microsoft to disable insecure WDS hands-free deployments after CVE-2026-0386
Microsoft is moving to block insecure hands-free deployments in Windows Deployment Services after disclosing CVE-2026-0386, a high-severity remote code execution vulnerability. The issue affects the…
November 21, 2025
1 comment 
