Tag: exploit
-
React2Shell critical flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/react2shell-critical-flaw-actively-exploited-in-china-linked-attacks/
-
Ghost-Tap Scam Makes Payments Scarier
The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ghost-tap-scam-makes-payments-scarier/
-
Ghost-Tap Scam Makes Payments Scarier
The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ghost-tap-scam-makes-payments-scarier/
-
Ghost-Tap Scam Makes Payments Scarier
The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ghost-tap-scam-makes-payments-scarier/
-
New SVG Technique Enables Highly Interactive Clickjacking Attacks
A security researcher has unveiled a novel web exploitation technique dubbed >>SVG clickjacking,
-
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week.The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It’s rooted in Array’s DesktopDirect, a remote desktop…
-
New SVG Technique Enables Highly Interactive Clickjacking Attacks
A security researcher has unveiled a novel web exploitation technique dubbed >>SVG clickjacking,
-
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week.The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It’s rooted in Array’s DesktopDirect, a remote desktop…
-
Deepfakes oben, Zero Days unten Cyber-Eisberg wächst
Agentenbasierte KI (Agentic AI) verwandelt Cyberbedrohungen wie Phishing und Deepfakes in pausenlose Zero-Day-Exploits und automatisierte Ransomware. Die meisten Unternehmen werden damit nicht Schritt halten können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/deepfakes-oben-zero-days-unten
-
Deepfakes oben, Zero Days unten Cyber-Eisberg wächst
Agentenbasierte KI (Agentic AI) verwandelt Cyberbedrohungen wie Phishing und Deepfakes in pausenlose Zero-Day-Exploits und automatisierte Ransomware. Die meisten Unternehmen werden damit nicht Schritt halten können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/deepfakes-oben-zero-days-unten
-
Deepfakes oben, Zero Days unten Cyber-Eisberg wächst
Agentenbasierte KI (Agentic AI) verwandelt Cyberbedrohungen wie Phishing und Deepfakes in pausenlose Zero-Day-Exploits und automatisierte Ransomware. Die meisten Unternehmen werden damit nicht Schritt halten können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/deepfakes-oben-zero-days-unten
-
Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit
While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology BeeStation (BST150-4T) exploit chain, achieving unauthenticated root Remote Code Execution (RCE) by abusing the system task scheduler instead of more traditional PHP-based payloads. The work builds on a BeeStation chain…
-
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its >>Predator
-
U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26828 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an unrestricted upload of file with dangerous type vulnerability. >>OpenPLC…
-
Brickstorm Malware Hits US Critical Systems, CISA Warns
Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring. U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/brickstorm-malware-hits-us-critical-systems-cisa-warns-a-30195
-
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/
-
From feeds to flows: Using a unified linkage model to operationalize threat intelligence
Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trustwhat to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
-
Cryptohack Roundup: Authorities Shutter Cryptomixer
Also: Anthropic Warns of Autonomous AI Exploits on Blockchain. This week, authorities shutter Cryptomixer, Anthropic warns about autonomous AI exploits, U.K. plans ban on crypto political donations, Do Kwon seeks leniency, Lazarus Group suspected in Upbit theft, Balancer’s post-exploit plans and Yearn recovers some hacked amount. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-authorities-shutter-cryptomixer-a-30192
-
Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments, Apps
Security and developer teams are scrambling to address a highly critical security flaw in frameworks tied to the popular React JavaScript library. Not only is the vulnerability, which also is in the Next.js framework, easy to exploit, but React is widely used, including in 39% of cloud environments. First seen on securityboulevard.com Jump to article:…
-
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users
A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
-
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users
A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
-
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts”, and 15 More Stories
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds Critical…
-
CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits
Tags: cisa, control, cyber, cybersecurity, exploit, healthcare, infrastructure, software, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent metering gateways, medical imaging software, and manufacturing control systems, collectively impacting critical infrastructure sectors worldwide, including energy, healthcare, and water systems. The most…
-
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment
Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerabilityThreat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
-
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment
Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerabilityThreat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
-
WordPress Plugin Vulnerability Under Active Attack, Allowing Remote Code Execution
A severe remote code execution vulnerability in the Sneeit Framework WordPress plugin is under active exploitation, with attackers launching thousands of attacks within hours of public disclosure. WordPress site administrators must immediately update to version 8.4 or later to prevent complete site compromise. On June 10th, 2025, a remote code execution vulnerability was discovered in…
-
CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits
Tags: cisa, control, cyber, cybersecurity, exploit, healthcare, infrastructure, software, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent metering gateways, medical imaging software, and manufacturing control systems, collectively impacting critical infrastructure sectors worldwide, including energy, healthcare, and water systems. The most…
-
WordPress Plugin Vulnerability Under Active Attack, Allowing Remote Code Execution
A severe remote code execution vulnerability in the Sneeit Framework WordPress plugin is under active exploitation, with attackers launching thousands of attacks within hours of public disclosure. WordPress site administrators must immediately update to version 8.4 or later to prevent complete site compromise. On June 10th, 2025, a remote code execution vulnerability was discovered in…