Hooking threats before they land.

Bait A Phish surfaces verified intel, and hands it to you in plain English—every morning, giving you the tools you need to stay three steps ahead of adversaries.

Join the Newsletter

Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors

Mon, 17 Nov 2025 19:22:11 -0500

Microsoft has released an emergency Windows 10 KB5072653 out-of-band update to resolve ongoing issues with installing the November extended security updates. [...]

Malicious NPM packages abuse Adspect redirects to evade security

Mon, 17 Nov 2025 18:47:46 -0500

Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. [...]

xAI's Grok 4.1 rolls out with improved quality and speed for free

Mon, 17 Nov 2025 17:56:28 -0500

Elon Musk-owned xAI has started rolling out Grok 4.1, which is an upgrade to the existing Grok 4 model, and it delivers some incremental improvements. [...]

RondoDox botnet malware now hacks servers using XWiki flaw

Mon, 17 Nov 2025 17:41:30 -0500

The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. [...]

Google Gemini 3 spotted on AI Studio ahead of imminent release

Mon, 17 Nov 2025 16:52:21 -0500

Gemini 3, which could be Google's best large language model, could begin rolling out in the next few days or hours, as the model has been spotted on AI Studio. [...]

Eurofiber France warns of breach after hacker tries to sell customer data

Mon, 17 Nov 2025 16:14:28 -0500

Eurofiber France disclosed a data breach it discovered late last week when hackers gained access to its ticket management system by exploiting a vulnerability and exfiltrated information. [...]

Critical Fortinet FortiWeb WAF Bug Exploited in the Wild

Mon, 17 Nov 2025 21:10:01 GMT

The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands.

US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns

Mon, 17 Nov 2025 20:50:59 GMT

Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops.

Princeton University discloses data breach affecting donors, alumni

Mon, 17 Nov 2025 14:36:52 -0500

A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students. [...]

Dutch police seizes 250 servers used by “bulletproof hosting” service

Mon, 17 Nov 2025 14:19:31 -0500

The police in the Netherlands have seized around 250 physical servers powering a bulletproof hosting service in the country used exclusively by cybercriminals for providing complete anonymity. [...]

Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses

Mon, 17 Nov 2025 12:13:15 -0500

Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses. [...]

DoorDash email spoofing vulnerability sparks messy disclosure dispute

Mon, 17 Nov 2025 11:32:09 -0500

A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from company's authorized servers, paving a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious disclosure dispute has erupted, with both sides accusing each other of acting in bad faith. [...]

Get the daily threat digest

A single email, every morning. No spam. Unsubscribe anytime.