A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine. This article has been indexed from…
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). This article has been indexed from…
IT Security News Hourly Summary 2025-12-06 15h : 4 posts
4 posts were published in the last hour 14:3 : The New Content Provenance Report Will Address GenAI Misinformation 13:32 : One Armed Hacker – Accessibility Hacking 13:32 : Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems 13:32…
The New Content Provenance Report Will Address GenAI Misinformation
The GenAI problem Today’s information environment includes a wide range of communication. Social media platforms have enabled reposting, and comments. The platform is useful for both content consumers and creators, but it has its own challenges. The rapid adoption of…
One Armed Hacker – Accessibility Hacking
Learning to work one-handed after shoulder surgery showed me how essential dictation, accessibility tools and AI really are day-to-day. This article has been indexed from ZephrSec – Adventures In Information Security Read the original article: One Armed Hacker – Accessibility…
Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems
CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI,…
Balancing Rapid Innovation and Risk in the New Era of SaaS Security
The accelerating pace of technological innovation is leaving a growing number of organizations unwittingly exposing their organization to serious security risks as they expand their reliance on SaaS platforms and experiment with emerging agent-based AI algorithms in an effort…
FBI Warns of Cybercriminals Impersonating IC3 to Steal Personal Data
The FBI has issued a public service announcement warning that cybercriminals are impersonating the FBI’s Internet Crime Complaint Center (IC3) and even cloning its website to steal victims’ personal and financial data.Attackers are exploiting public trust in federal law…
Security News This Week: Oh Crap, Kohler’s Toilet Cameras Aren’t Really End-to-End Encrypted
Plus: The Trump administration declines to issue sanctions over Salt Typhoon’s hacking spree, officials warn of a disturbingly stealthy Chinese malware specimen, and more. This article has been indexed from Security Latest Read the original article: Security News This Week:…
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS…
Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions
A critical vulnerability class dubbed “PromptPwnd,” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue titles or pull request bodies, tricking AI models into…
KinoKong – 817,808 breached accounts
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and…
Death to one-time text codes: Passkeys are the new hotness in MFA
Wanna know a secret? Whether you’re logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of…
FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads
A newly discovered Android banking trojan, FvncBot, has emerged as a sophisticated threat targeting mobile banking users in Poland. Researchers from Intel 471 first identified this malware on November 25, 2025, disguised as a security application from mBank, one of…
2.15M Next.js Web Services Exposed Online, Active Attacks Reported – Update Immediately
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has a maximum CVSS score of 10, the highest possible rating,…
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now
A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a critical flaw in React Server Components with a CVSS score…
Cybersecurity Today Month In Review – December 5th, 2025
Cybersecurity Today: The Rise of Living Off the Land Strategies & More In this episode of Cybersecurity Today’s Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss…
IT Security News Hourly Summary 2025-12-06 06h : 1 posts
1 posts were published in the last hour 4:11 : Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM…
Maximum-severity XXE vulnerability discovered in Apache Tika
A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF,…
New Prompt Injection Attack Vectors Through MCP Sampling
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors. The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42. This article has been…
Command Execution Risk Found in Cacti’s SNMP Handling
A flaw in Cacti’s SNMP handling lets attackers execute arbitrary system commands. The post Command Execution Risk Found in Cacti’s SNMP Handling appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Command…
Crims using social media images, videos in ‘virtual kidnapping’ scams
Proof of life? Or an active social media presence? Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in “virtual kidnapping” and extortion scams, the FBI warned on Friday. ……
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to…