Microsoft has started rolling out its revamped Windows Insider Program, replacing the older channel structure with a simpler setup built around two main channels: Experimental…
A newly tracked threat group called UNC6692 is using Microsoft Teams chats to trick employees into installing a custom malware suite named Snow. The campaign…
A new extortion group known as BlackFile is using phone calls, fake IT support messages, and stolen login codes to break into corporate systems. The…
A newly disclosed Linux vulnerability called Pack2TheRoot can let a local unprivileged user gain root access through PackageKit, the system service used by many Linux…
The EU’s Digital Operational Resilience Act has changed how financial institutions need to treat passwords, privileged access, and authentication. Under DORA, weak credential management is…
More than 10,000 internet-exposed Zimbra Collaboration Suite servers remain vulnerable to an actively exploited cross-site scripting flaw, according to Shadowserver. The vulnerability, tracked as CVE-2025-48700,…
Hackers are actively exploiting a critical vulnerability in the Breeze Cache WordPress plugin that can let unauthenticated attackers upload arbitrary files to vulnerable websites. The…
Bitwarden has confirmed that a malicious version of its @bitwarden/cli npm package was briefly distributed through npm on April 22, 2026. The affected release, @bitwarden/[email protected],…
Rituals has confirmed a data breach involving its My Rituals membership database after an unauthorized party downloaded part of its members’ data in April 2026.…
Password resets are no longer just a routine IT task. Attackers now target help desks because a successful reset can give them legitimate access without…
November 21, 2025
1 comment 
