PlushDaemon Supply Chain Attacks Reveal Update Security Flaws
A recent investigation reveals how the PlushDaemon supply chain threat actor compromises trusted software updates through DNS manipulation and a multi-stage malware operation. The group redirects update traffic to malicious servers by exploiting vulnerable routers and injecting hidden implants. Their campaign exposes a critical weakness in modern update paths, where many organisations rely on automated downloads without validating the source.

Cloudflare Outage Disrupts Global Services on November 18
A huge Cloudflare outage on November 18 caused widespread disruption across major online platforms. Cloudflare provides essential DNS, CDN, and security services to a large portion of the internet. When its traffic-handling systems failed yesterday, thousands of services across the globe faced broken functionality, connection errors, and complete downtime. The outage highlighted how deeply modern platforms depend on Cloudflare’s infrastructure

Grok 4.1 Update Improves Reliability and Performance
Momentum builds around xAI as the Grok 4.1 update reaches global users with higher speed, clearer reasoning, and a more stable performance profile. The rollout arrives during a crowded period in the AI market, where new releases aim to prove that better accuracy and stronger consistency matter more than raw scale. xAI responds by offering both versions of Grok 4.1

AI-Orchestrated Cyberespionage Exposed by Anthropic
AI-orchestrated cyberespionage now defines a major turning point in modern threat operations. Anthropic revealed a campaign that used autonomous AI agents to execute long, complex intrusion workflows with minimal human oversight. The disclosure highlights an evolving threat landscape in which advanced models operate as full attack engines, not simple assistants. Security teams now face adversaries that execute reconnaissance, exploitation, persistence,

RondoDox XWiki Exploit Drives New Wave of Botnet Attacks
A RondoDox XWiki exploit fuels a new surge in botnet activity as threat actors target unpatched servers exposed to the internet. Security researchers observed fresh exploitation waves throughout November, and the campaign highlights how delayed patching creates real opportunities for attackers. The flaw at the center of the incident affects the SolrSearch endpoint in older XWiki versions and enables remote

Logitech Data Breach Exposes Private Information
A recent Logitech data breach has raised serious concerns after the company confirmed an extortion attack linked to the Clop ransomware group. Logitech reported that attackers stole internal data by exploiting a third-party zero-day vulnerability. The incident highlights ongoing risks in enterprise systems and underscores growing pressure on global companies to strengthen supply-chain security. How the Attack Began Logitech disclosed

DoorDash Data Breach Exposes User Contact Information
A new DoorDash data breach surfaced in late October 2025 and raised fresh concerns about security inside major delivery platforms. DoorDash confirmed an unauthorized party accessed user contact information after a social-engineering attack compromised an employee. The incident adds pressure to a company already criticized for past security failures and increases the risk of future targeted fraud. What Happened During

Malware Takedown Dismantles Major Malware Operations
Malware takedown efforts intensified this week as international law-enforcement agencies dismantled the infrastructure behind Rhadamanthys, VenomRAT, and Elysium. Authorities targeted large networks that controlled infected systems, harvested credentials, and enabled widespread cybercrime activity. Investigators coordinated across several countries and removed key servers, domains, and operational assets. This action delivers a significant blow to three prolific malware ecosystems. Scale of the

Rhadamanthys Infostealer Disruption Shakes Cybercrime Market
The Rhadamanthys infostealer disruption has sent shockwaves through the cybercrime world. In early November 2025, operators and paying "customers" suddenly lost access to their web panels and servers. SSH logins switched to certificate-only mode without warning, leaving hackers locked out of their own tools. This abrupt shutdown may indicate a coordinated law enforcement action, potentially linked to Europe’s ongoing Operation

ChatGPT Suicide Lawsuits: OpenAI Accused of Negligence
A series of ChatGPT suicide lawsuits filed in California claims that OpenAI’s chatbot played a role in several tragic deaths. Families of the victims argue that ChatGPT’s emotionally charged conversations influenced vulnerable users and that the company failed to prevent foreseeable harm. The legal actions raise difficult questions about AI responsibility, product safety, and the emotional power of conversational systems.
