Tag: exploit
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
Windows Users at Risk as Critical Zoom Vulnerability Exploited
A critical Zoom vulnerability put Windows users at risk of data theft and system compromise. Zoom has patched the flaw. Users should update immediately. The post Windows Users at Risk as Critical Zoom Vulnerability Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-flaw-windows-users-at-risk/
-
Kimwolf Botnet Exploits 2 Million Devices to Build a Global Proxy Infrastructure
A massive new botnet dubbed >>Kimwolf
-
ProfileHound: Post-Escalation Tool Designed to Achieve Red Team Objectives
ProfileHound emerges as a specialized post-exploitation instrument for offensive security professionals seeking to identify high-value targets within Active Directory environments. The tool addresses a critical gap in red-team reconnaissance by enumerating domain user profiles stored on compromised machines, enabling operators to make data-driven decisions about which systems warrant focused exploitation.”‹ The fundamental innovation behind ProfileHound…
-
âš¡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More
The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit.This week’s stories share one pattern. Nothing flashy. No single…
-
Inside 2025’s Top Threat Groups: Why Familiar Actors Still Have the Upper Hand
New research reveals how ransomware groups like LockBit and Black Basta exploit visibility gaps, leaving security teams struggling to keep pace. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/inside-2025s-top-threat-groups-why-familiar-actors-still-have-the-upper-hand/
-
2026 verkürzt sich die Zeit bis zum Exploit drastisch – So sichern Unternehmen Lieferketten und Edge gegen schnelle Exploits
Tags: exploitFirst seen on security-insider.de Jump to article: www.security-insider.de/lieferketten-edge-exploits-2026-sichern-a-3f2ee4c5c5a6e46713db07c6586ddd18/
-
Security Affairs newsletter Round 557 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. French authorities investigate AI ‘undressing’ deepfakes on X Thousands of ColdFusion exploit attempts spotted during Christmas…
-
RondoDox Botnet is Using React2Shell to Hijack Thousands of Unpatched Devices
RondoDox hackers exploit the React2Shell flaw in Next.js to target 90,000+ devices, including routers, smart cameras, and small business websites. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-react2shell-hijack-unpatched-devices/
-
Thousands of ColdFusion exploit attempts spotted during Christmas holiday
GreyNoise observed thousands of attacks targeting about a dozen Adobe ColdFusion vulnerabilities during the Christmas 2025 holiday. GreyNoise reports a coordinated campaign exploiting about a dozen Adobe ColdFusion vulnerabilities, with thousands of attack attempts observed during the Christmas 2025 holiday. >>GreyNoise observed a coordinated exploitation campaign targeting Adobe ColdFusion servers over the Christmas 2025 holiday period.
-
NDSS 2025 AlphaDog: No-Box Camouflage Attacks Via Alpha Channel Oversight
Session 7D: ML Security Authors, Creators & Presenters: Qi Xia (University of Texas at San Antonio), Qian Chen (University of Texas at San Antonio) PAPER AlphaDog: No-Box Camouflage Attacks via Alpha Channel Oversight Traditional black-box adversarial attacks on computer vision models face significant limitations, including intensive querying requirements, time-consuming iterative processes, a lack of universality,…
-
Cybersecurity Snapshot: Predictions for 2026: AI Attack Acceleration, Automated Remediation, Custom-Made AI Security Tools, Machine Identity Threats, and More
Tags: access, ai, attack, automation, breach, ciso, cloud, computer, conference, control, cyber, cybersecurity, data, data-breach, defense, detection, exploit, governance, group, identity, intelligence, mitigation, risk, service, threat, tool, zero-dayIn this special edition, Tenable leaders forecast key 2026 trends, including: AI will make attacks more plentiful and less costly; machine identities will become the top cloud risk; preemptive cloud and exposure management will dethrone runtime detection; and automated remediation gets the go-ahead. Key takeaways AI will supercharge the speed and volume of traditional cyber…
-
RondoDox Botnet Exploiting Devices With React2Shell Flaw
The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at Scale. Security firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rondodox-botnet-exploiting-devices-react2shell-flaw-a-30436
-
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Tags: 2fa, attack, authentication, data-breach, exploit, firewall, fortinet, Internet, mfa, vulnerabilityOver 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-10-000-fortinet-firewalls-exposed-to-ongoing-2fa-bypass-attacks/
-
Google Tasks Feature Exploited in New Sophisticated Phishing Campaign
Over 3,000 organisations, predominantly in manufacturing, fell victim to a sophisticated phishing campaign in December 2025 that leveraged Google’s own application infrastructure to bypass enterprise email security controls. Attackers sent deceptive messages from noreply-application-integration@google.com, marking a critical shift in how threat actors exploit trusted platforms. Unlike traditional phishing attempts that rely on domain spoofing or compromised…
-
RondoDoX Botnet Abuses React2Shell Vulnerability for Malware Deployment
Tags: attack, botnet, control, cyber, data-breach, exploit, infrastructure, iot, malware, threat, vulnerabilityCloudSEK has uncovered a sustained nine-month campaign by the RondoDoX botnet operation, revealing rapid exploitation of emerging vulnerabilities including the critical React2Shell vulnerability. Analysis of exposed command-and-control logs spanning March through December 2025 demonstrates how threat actors swiftly adapted attack infrastructure following public disclosure, pivoting from traditional IoT targets to weaponizing Next.js applications within days…
-
The biggest cybersecurity and cyberattack stories of 2025
2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories of 2025. First seen on bleepingcomputer.com Jump to…
-
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic, new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to…
-
React2Shell under attack: RondoDox Botnet spreads miners and malware
RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw (CVE-2025-55182) to drop malware and cryptominers on vulnerable Next.js servers. >>CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targeting IoT devices and web applications. Recently, the…
-
Cryptohack Roundup: $7M Trust Wallet Hack
Indian Police Arrests Ex-Coinbase Staffer Over Data Breach Charges. This week, a $7 million Trust Wallet extension hack, arrest of an ex-Coinbase support agent, the U.S. sued alleged perpetrators of a $14M scam, Polymarket hack update, early release scheduled for former Alameda CEO, backlash on Flow’s post-exploit rollback plan and Grubhub-linked holiday Bitcoin scam. First…
-
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox.As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said…
-
Infosecurity’s Top 10 Cybersecurity Stories of 2025
Explore Infosecurity Magazine’s most-read cybersecurity stories of 2025, from major vendor shake-ups and zero-day exploits to AI-driven threats and supply chain attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosecurity-top-10-stories-2025/
-
Critical vulnerability in IBM API Connect could allow authentication bypass
Tags: api, authentication, control, exploit, flaw, governance, ibm, mitigation, monitoring, radius, resilience, service, software, update, vmware, vulnerabilityInterim fixes provided: IBM said that the issue was discovered during internal testing, and it has provided interim fixes for each affected version of the software, with individual update details for VMware, OCP/CP4I, and Kubernetes.The only mitigation suggested for the flaw, according to IBM’s security bulletin, is this: “Customers unable to install the interim fix…
-
Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?
The April/May zero-day exploitations of Ivanti’s mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT, and history will probably repeat itself. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/sunken-ships-ivanti-epmm-attacks
-
Malicious Manipulation of LLMs for Scalable Vulnerability Exploitation
A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to automatically generate functional exploits from public vulnerability disclosures, effectively transforming novice attackers into capable threat actors. The research demonstrates that threat actors no longer need deep technical expertise to compromise enterprise…
-
Critical Apache StreamPipes Flaw Allows Attackers to Take Over Admin Accounts
Apache StreamPipes has released an urgent security advisory addressing CVE-2025-47411, a critical privilege escalation vulnerability affecting versions 0.69.0 through 0.97.0. The flaw allows attackers with legitimate non-administrator accounts to exploit the user ID creation mechanism and hijack administrator credentials, gaining full control over the streaming data platform. The Vulnerability The vulnerability stems from improper handling…
-
Singapore CSA warns of maximun severity SmarterMail RCE flaw
Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail. The vulnerability enables unauthenticated remote code execution via arbitrary file upload. >>Successful exploitation of the…