Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers. The post Google Finds Five China-Nexus Groups Exploiting React2Shell…
Cryptomining campaign targeting Amazon EC2 and Amazon ECS
Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and…
Azure CLI Trust Abused in ConsentFix Account Takeovers
ConsentFix abuses trusted Azure CLI OAuth flows to hijack Microsoft accounts without passwords or MFA. The post Azure CLI Trust Abused in ConsentFix Account Takeovers appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Analytics provider: We didn’t expose smut site data to crims
An employee of the adult site could be responsible. Analytics vendor Mixpanel says it is not the source of data stolen from Pornhub and says the info was last accessed by an employee of the adult site.… This article has…
APT-C-35 Infrastructure Activity Leveraged Using Apache HTTP Response Indicators
A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been…
Browser ‘privacy’ extensions have eye on your AI, log all your chats
More than 8 million people have installed extensions that eavesdrop on chatbot interactions Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been doing just the opposite. According to research from Koi Security,…
Code Execution in Jupyter Notebook Exports
After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect…
NDSS 2025 – Selective Data Protection against Memory Leakage Attacks for Serverless Platforms
Session 6B: Confidential Computing 1 Authors, Creators & Presenters: Maryam Rostamipoor (Stony Brook University), Seyedhamed Ghavamnia (University of Connecticut), Michalis Polychronakis (Stony Brook University) PAPER LeakLess: Selective Data Protection against Memory Leakage Attacks for Serverless Platforms As the use of…
IT Security News Hourly Summary 2025-12-16 21h : 5 posts
5 posts were published in the last hour 19:32 : Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components 19:32 : Hackers Can Manipulate Internet-Based Solar Panel Systems to Execute Attacks in Minutes 19:32 : LLMs are Accelerating…
Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components
Microsoft has released comprehensive mitigations for a critical vulnerability dubbed React2Shell (CVE-2025-55182), which poses severe risks to React Server Components and Next.js environments. With a maximum CVSS score of 10.0, this pre-authentication remote code execution flaw allows threat actors to…
Hackers Can Manipulate Internet-Based Solar Panel Systems to Execute Attacks in Minutes
A new class of internet-based attacks is turning solar power infrastructure into a high‑risk target, allowing hackers to disrupt energy production in minutes using nothing more than open ports and free tools. Modern solar farms rely on networked operational technology,…
LLMs are Accelerating the Ransomware Operations with Functional Tools and RaaS
The integration of Large Language Models (LLMs) into ransomware operations marks a pivotal shift in the cybercrime landscape, functioning as a potent operational accelerator rather than a fundamental revolution. This technology dramatically lowers barriers to entry, enabling even low-skill actors…
Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure
A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intelligence Directorate (GRU) and the notorious Sandworm group, represents a major shift…
Veza Extends Reach to Secure and Govern AI Agents
Veza has added a platform to its portfolio that is specifically designed to secure and govern artificial intelligence (AI) agents that might soon be strewn across the enterprise. Currently in the process of being acquired by ServiceNow, the platform is…
SantaStealer stuffs credentials, crypto wallets into a brand new bag
All I want for Christmas … is all of your data A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals’ Christmas dreams come true. It boasts that…
From Open Source to OpenAI: The Evolution of Third-Party Risk
From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek. This article has…
How test data generators support compliance and data privacy
Whether you’re generating data from scratch or transforming sensitive production data, performant test data generators are critical tools for achieving compliance in development workflows. The post How test data generators support compliance and data privacy appeared first on Security Boulevard.…
Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities
Amazon Threat Intelligence reports Russian GRU hackers are increasingly breaking into critical infrastructure by abusing misconfigured devices instead of exploiting software vulnerabilities. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original…
Android vs. iPhone: Which one is more secure?
<p>Android and iOS devices differ in a few ways, and security is one area where these differences affect organizations most.</p> <p>The choice between iPhones and Android devices has long been an issue of debate among IT departments looking to ensure…
SantaStealer Joins the Naughty List of New Infostealers
SantaStealer is a new malware-as-a-service infostealer that steals credentials and data using largely in-memory techniques. The post SantaStealer Joins the Naughty List of New Infostealers appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Güralp Systems Fortimus Series, Minimus Series, and Certimus Series
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. The following versions of Güralp Systems Fortimus Series, Minimus Series, and Certimus Series are affected: Fortimus Series (CVE-2025-14466) Minimus Series (CVE-2025-14466) Certimus Series…
Johnson Controls PowerG, IQPanel and IQHub
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. The following versions of Johnson Controls PowerG, IQPanel and IQHub are affected: PowerG (CVE-2025-61738, CVE-2025-61739, CVE-2025-26379, CVE-2025-61740)…
Hitachi Energy AFS, AFR and AFF Series
View CSAF Summary Successful exploitation of this vulnerability could compromise the integrity of the product data and disrupt its availability. The following versions of Hitachi Energy AFS, AFR and AFF Series are affected: AFS 660-B/C/S (CVE-2024-3596) AFS 665-B/S (CVE-2024-3596) AFS…
Mitsubishi Electric GT Designer3
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker obtain plaintext credentials from the project file for GT Designer3, which could result in illegally operating GOT2000 and GOT1000 series devices. The following versions of Mitsubishi Electric GT…