React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to…
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
î ‚Dec 10, 2025î „Ravie LakshmananEnterprise Security / Web Services New research has uncovered exploitation primitives in the .NET Framework that could…
Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
î ‚Dec 10, 2025î „Ravie LakshmananHardware Security / Vulnerability Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe)…
How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
î ‚Dec 10, 2025î „The Hacker NewsCloud Security / Threat Detection Cloud security is changing. Attackers are no longer just breaking down…
WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
î ‚Dec 10, 2025î „Ravie LakshmananVulnerability / Malware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability…
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
î ‚Dec 10, 2025î „Ravie LakshmananVulnerability / Endpoint Security Fortinet, Ivanti, and SAP have moved to address critical security flaws in their…
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell…
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
î ‚Dec 09, 2025î „Ravie LakshmananCybersecurity / Malware Four distinct threat activity clusters have been observed leveraging a malware loader known as…
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
î ‚Dec 09, 2025î „Ravie LakshmananRansomware / Endpoint Security The threat actor known as Storm-0249 is likely shifting from its role as…