Vercel has released a major Next.js security update that fixes 13 advisories across denial-of-service, middleware bypass, server-side request forgery, cache poisoning, and cross-site scripting bugs.…
Dirty Frag is a newly disclosed Linux kernel vulnerability chain that can let a local, unprivileged user gain root access on affected systems. The issue…
The Spring team has patched four Spring Cloud Config Server vulnerabilities that can expose sensitive files, Google Cloud secrets, Git repository paths, and internal log…
Trellix has confirmed unauthorized access to a portion of its source code repository, while the RansomHouse extortion group has claimed responsibility for the incident. The…
DarkMoon is a new open-source platform that uses AI agents to run automated penetration testing workflows across web, network, Active Directory, Kubernetes, cloud, and application…
A new Brazilian banking trojan called TCLBANKER is spreading through a trojanized Logitech installer and using WhatsApp and Outlook worm modules to reach more victims.…
A cyberespionage campaign named HumanitarianBait is using fake humanitarian aid documents to deliver a Python-based infostealer on Windows systems. The attack hides a malicious shortcut…
A 12-year-old boy reportedly fooled an online age verification system by drawing a moustache on his face with an eyebrow pencil. The system then verified…
Hackers are abusing trusted AI platforms, including Hugging Face and ClawHub, to distribute malware disguised as models, datasets, and agent skills. The campaign shows how…
A newly documented malware campaign used fake Python packages on PyPI to deliver ZiChatBot, a cross-platform backdoor that targets Windows and Linux systems. The malware…
November 21, 2025
1 comment 
