A newly disclosed iTerm2 vulnerability shows that even viewing attacker-controlled terminal output can lead to local code execution under the right conditions. Security researchers at…
A proof-of-concept exploit is now public for CVE-2026-33829, a Windows Snipping Tool flaw that can leak a user’s Net-NTLM hash when the victim opens a…
A SideWinder-linked phishing campaign is using a fake Chrome PDF viewer and a polished Zimbra webmail clone to steal credentials from government and defense targets…
A newly disclosed prompt injection attack shows how GitHub pull request titles, issue bodies, and issue comments can hijack AI coding agents and make them…
CISA has warned that the Axios npm package was compromised in a supply chain attack that delivered a remote access trojan to developers who installed…
A critical flaw in SGLang could let attackers turn a standard GGUF model file into a remote code execution path on AI inference servers. The…
A coordinated browser extension campaign has compromised more than 130,000 users by posing as TikTok video downloaders on Chrome and Edge. Security firm LayerX says…
Artificial intelligence may soon compress the time between vulnerability discovery and real-world exploitation so sharply that many defenders lose the patch window they have counted…
A ransomware-as-a-service group known as The Gentlemen has expanded quickly since emerging around mid-2025, and researchers say it now offers lockers for Windows, Linux, NAS,…
Threat hunters have confirmed the first real-world intrusion where attackers used the publicly released Nightmare-Eclipse toolkit after gaining access through what appears to be a…
November 21, 2025
1 comment 
