Collecting Cyber-News from over 60 sources

Tag: exploit

CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks

Dec 16, 2025 9:19 PM

Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
Critical FortiGate SSO Vulnerability Actively Exploited in Real-World Attacks

Dec 16, 2025 9:19 PM

Tags: attack, authentication, cve, cyber, exploit, flaw, fortinet, login, threat, vulnerability

Fortinet’s FortiGate appliances face immediate threat from two critical authentication bypass vulnerabilities being actively exploited in production environments. Fortinet released advisories for CVE-2025-59718 and CVE-2025-59719 on December 9, 2025, identifying critical flaws in FortiCloud SSO authentication mechanisms. These vulnerabilities enable unauthenticated attackers to bypass SSO login protections through crafted SAML messages when FortiCloud SSO is…
GhostPairing Attack Exposes WhatsApp Accounts to Full Takeover via Phone Numbers

Dec 16, 2025 9:19 PM

Tags: access, attack, cyber, exploit, password, phone, social-engineering, threat

A novel WhatsApp account-takeover campaign dubbed >>GhostPairing Attack
Russia’s GRU Tied to Critical Infrastructure Cloud Breaches

Dec 16, 2025 8:19 PM

Tags: access, breach, cloud, exploit, hacker, infrastructure, intelligence, military, network, russia, threat

Misconfigured Customer Network Edge Devices’ Under Fire, Warn Researchers. Misconfigured edge devices hosted in the cloud are giving nation-state hackers carte blanche to access Western critical infrastructure, warn threat intelligence experts at Amazon, who tied exploits of AWS customers’ device administrator portals to Russia’s GRU military intelligence agency. First seen on govinfosecurity.com Jump to article:…
Real Attacks of the Week: How Spyware Beaconing and Exploit Probing Are Shaping Modern Intrusions

Dec 16, 2025 7:19 PM

Tags: attack, cyber, data-breach, endpoint, exploit, firewall, malware, service, spyware

Over the past week, enterprise security teams observed a combination of covert malware communication attempts and aggressive probing of publicly exposed infrastructure. These incidents, detected across firewall and endpoint security layers, demonstrate how modern cyber attackers operate simultaneously. While quietly activating compromised internal systems, they also relentlessly scan external services for exploitable weaknesses. Although the…
Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities

Dec 16, 2025 7:19 PM

Tags: exploit, hacker, infrastructure, intelligence, russia, software, threat, vulnerability

Amazon Threat Intelligence reports Russian GRU hackers are increasingly breaking into critical infrastructure by abusing misconfigured devices instead of exploiting software vulnerabilities. First seen on hackread.com Jump to article: hackread.com/amazon-russia-gru-hackers-misconfigured-vulnerabilities/
React2Shell attacks expand widely across multiple sectors

Dec 16, 2025 6:24 PM

Tags: attack, exploit, flaw

Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/react2shell-attacks-expand-multiple-sectors/808030/
React2Shell attacks expand widely across multiple sectors

Dec 16, 2025 6:24 PM

Tags: attack, exploit, flaw

Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/react2shell-attacks-expand-multiple-sectors/808030/
Amazon warns that Russia’s Sandworm has shifted its tactics

Dec 16, 2025 5:19 PM

Tags: access, exploit, intelligence, military, network, russia, tactics, vulnerability

Researchers said attackers linked to Russia’s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to target networks. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44/
Hackers are exploiting critical Fortinet flaws days after patch release

Dec 16, 2025 5:19 PM

Tags: cve, exploit, flaw, fortinet, hacker, threat, update, vulnerability

Threat actors are exploiting two critical Fortinet flaws, tracked as CVE-2025-59718 and CVE-2025-59719, days after patch release, impacting multiple Fortinet products. Threat actors started exploiting two critical flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), in Fortinet products days after patch release, Arctic Wolf warns. Last week, Fortinet addressed 18 vulnerabilities, including the two flaws…
Google Finds Server Takeovers Linked to React2Shell Exploitation

Dec 16, 2025 5:19 PM

Tags: exploit, google

Google warns that attackers are actively exploiting React2Shell to hijack unpatched servers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-finds-server-takeovers-linked-to-react2shell-exploitation/
Hackers exploit newly patched Fortinet auth bypass flaws

Dec 16, 2025 5:19 PM

Tags: access, exploit, flaw, fortinet, hacker, unauthorized, vulnerability

Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-newly-patched-fortinet-auth-bypass-flaws/
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Dec 16, 2025 10:19 AM

Tags: access, backdoor, exploit, linux, malware, network, threat, tool, vulnerability

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.”KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,” Justin Moore, senior manager of threat intel research at Palo Alto…
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Dec 16, 2025 10:19 AM

Tags: access, backdoor, exploit, linux, malware, network, threat, tool, vulnerability

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.”KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,” Justin Moore, senior manager of threat intel research at Palo Alto…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs

Dec 16, 2025 9:19 AM

Tags: ai, browser, chatgpt, chrome, cyber, data, exploit, microsoft, privacy, risk, vpn

A popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms including ChatGPT, Claude, Gemini, and Microsoft Copilot raising fresh concerns over privacy and data exploitation in the age of generative AI. Researchers using the Wings agentic”‘AI risk engine uncovered that Urban VPN…
U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

Dec 15, 2025 9:19 PM

Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, Apple and…
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure

Dec 15, 2025 9:19 PM

Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerability

Since December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers

Dec 15, 2025 9:19 PM

Tags: attack, breach, control, cve, cyber, docker, exploit, group, infrastructure, malware, monitoring, vulnerability

A sophisticated attack campaign attributed to a group identifying as >>PCP
U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

Dec 15, 2025 9:19 PM

Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, Apple and…
xHunt APT Exploits Microsoft Exchange and IIS to Deploy Custom Backdoors

Dec 15, 2025 9:19 PM

Tags: apt, backdoor, cyber, espionage, exploit, government, group, microsoft, threat

xHunt, a sophisticated cyber-espionage group with a laser focus on organizations in Kuwait, has continued to demonstrate advanced capabilities in infiltrating critical infrastructure. The group’s persistent, multi-year campaigns targeting the shipping, transportation, and government sectors underscore the evolving threat landscape facing Middle Eastern enterprises. Since its first documented operations in July 2018, xHunt has refined…
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure

Dec 15, 2025 9:19 PM

Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerability

Since December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
Shannon: AI Pentesting Tool That Autonomously Identifies and Exploits Code Vulnerabilities

Dec 15, 2025 9:19 PM

Tags: ai, cyber, exploit, intelligence, penetration-testing, risk, tool, vulnerability

Keygraph has unveiled Shannon, a fully autonomous artificial intelligence pentester designed to discover and execute real exploits in web applications. Unlike conventional vulnerability scanners that generate false positives, Shannon bridges a critical security gap by delivering proof-of-concept exploits that demonstrate actual risk before attackers do. The modern development workflow has created a significant security paradox. Teams…
Shannon: AI Pentesting Tool That Autonomously Identifies and Exploits Code Vulnerabilities

Dec 15, 2025 9:19 PM

Tags: ai, cyber, exploit, intelligence, penetration-testing, risk, tool, vulnerability

Keygraph has unveiled Shannon, a fully autonomous artificial intelligence pentester designed to discover and execute real exploits in web applications. Unlike conventional vulnerability scanners that generate false positives, Shannon bridges a critical security gap by delivering proof-of-concept exploits that demonstrate actual risk before attackers do. The modern development workflow has created a significant security paradox. Teams…
China, Iran are having a field day with React2Shell, Google warns

Dec 15, 2025 7:19 PM

Tags: china, exploit, flaw, google, iran

Who hasn’t exploited this max-severity flaw? First seen on theregister.com Jump to article: www.theregister.com/2025/12/15/react2shell_flaw_china_iran/
Nation-State and Cybercrime Exploits Tied to React2Shell

Dec 15, 2025 7:19 PM

Tags: china, cve, cybercrime, ddos, exploit, hacker, iran, korea, malware, north-korea, service, update, vulnerability

2 More Vulnerabilities Need Patching in React Server Components, Warns Vercel. Mass exploitation of the React2Shell – CVE-2025-55182 – vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn. First seen on govinfosecurity.com Jump to…
Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks

Dec 15, 2025 3:19 PM

Tags: apple, attack, exploit, iphone, spyware, zero-day

Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apple-zero-day-exploits-used-in-targeted-iphone-spyware-attacks/
Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks

Dec 15, 2025 3:19 PM

Tags: apple, attack, exploit, iphone, spyware, zero-day

Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apple-zero-day-exploits-used-in-targeted-iphone-spyware-attacks/