Smart Slider 3 file read flaw puts hundreds of thousands of WordPress sites at risk
A newly disclosed flaw in the Smart Slider 3 WordPress plugin can let logged-in attackers with low privileges read arbitrary files from the server. The…
Microsoft ships new WinRE and Setup updates as Secure Boot certificate deadline gets closer
Microsoft has released two new dynamic updates for Windows 11 versions 24H2 and 25H2, KB5081494 and KB5083482, both dated March 26, 2026. KB5081494 updates Windows…
Windows Error Reporting flaw can let local attackers reach SYSTEM privileges
A patched Windows Error Reporting vulnerability can let a low-privileged local attacker elevate to SYSTEM on affected machines. The flaw, tracked as CVE-2026-20817, affects the…
Fake Cloudflare CAPTCHA pages push new Infiniti Stealer malware onto Macs
Mac users face a new malware threat that hides behind fake Cloudflare verification pages. Researchers at Malwarebytes say a newly documented macOS infostealer called Infiniti…
Critical NetScaler flaws can expose sensitive data and mix up user sessions, Citrix warns
Cloud Software Group has warned customers to patch NetScaler ADC and NetScaler Gateway after disclosing two security flaws that can expose sensitive information or cause…
Red Hat warns xz backdoor could open Linux systems to unauthorized remote access
Red Hat has warned that malicious code was inserted into upstream xz release tarballs, creating a serious supply chain threat tracked as CVE-2024-3094. The concern…
Telnyx Python package compromised on PyPI in latest TeamPCP supply chain attack
Developers who installed telnyx versions 4.87.1 or 4.87.2 should treat those environments as compromised. Telnyx says the two unauthorized releases contained malicious code and were…
PXA Stealer attacks on financial firms are rising. Here is how the campaign works
Financial firms face a fresh infostealer problem. Researchers say threat actors have increased their use of PXA Stealer in recent months, with phishing emails and…
BRUSHWORM and BRUSHLOGGER hit South Asian financial firm in targeted malware attack
A targeted cyberattack against a South Asian financial institution used two custom malware tools, BRUSHWORM and BRUSHLOGGER, to steal files, capture keystrokes, and maintain persistent…
Silver Fox targets Japanese firms with tax and HR phishing emails during busy filing season
A threat actor known as Silver Fox is targeting businesses in Japan with phishing emails that look like routine tax, payroll, and HR notices. ESET…
November 21, 2025
1 comment 
