A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code execution on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has…
Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers
Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, 2025, and the company says no action is needed from customers. The flaw is now…
Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections
A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows, Sryxen targets…
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due…
New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in the detection of CVE-2025-55182. New Detection Approach Challenges Existing Security Assumptions A newly available Python-based…
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply…
The Louisiana Department of Wildlife and Fisheries Is Detaining People for ICE
Louisiana’s hunting and wildlife authority is one of more than 1,000 state and local agencies that have partnered with US immigration authorities this year alone. This article has been indexed from Security Latest. Read the original article: The Louisiana Department…
Personal Information Compromised in Freedom Mobile Data Breach
Freedom Mobile says hackers stole customers’ personal information from its account management platform. The post Personal Information Compromised in Freedom Mobile Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: Personal Information…
5 Threats That Reshaped Web Security This Year [2025]
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental…
New ‘Sryxen’ Stealer Bypasses Chrome Encryption via Headless Browser Technique
A new information stealer called Sryxen has emerged in the underground malware market, targeting Windows systems with advanced techniques to harvest browser credentials and sensitive data. Sold as Malware-as-a-Service, this C++ based threat demonstrates how modern stealers are adapting to…
Hackers Using Evilginx to Steal Session Cookies and Bypass Multi-Factor Authentication Tokens
A sophisticated phishing toolkit known as Evilginx is empowering attackers to execute advanced attacker-in-the-middle (AiTM) campaigns with alarming success. These attacks are engineered to steal temporary session cookies, allowing threat actors to sidestep the critical security layer provided by multi-factor…
Marquis Data Breach Impacts Over 780,000 People
The compromised personal and financial information includes names, addresses, Social Security numbers, and card numbers. The post Marquis Data Breach Impacts Over 780,000 People appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: Marquis…
IT Security News Hourly Summary 2025-12-04 12h : 7 posts
7 posts were published in the last hour 11:4 : Fintech Marquis Says Ransomware Attackers Stole Customer Data 11:4 : Skills Shortages Trump Headcount as Critical Cyber Challenge 10:32 : OpenAI Declares ‘Code Red’ On ChatGPT Quality 10:32 : Microsoft…
Fintech Marquis Says Ransomware Attackers Stole Customer Data
Texas-based Marquis says ransomware attackers stole financial data on hundreds of thousands of US consumer banking customers. This article has been indexed from Silicon UK. Read the original article: Fintech Marquis Says Ransomware Attackers Stole Customer Data
Skills Shortages Trump Headcount as Critical Cyber Challenge
ISC2 report reveals 59% of global organizations have critical or significant skills shortages. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Skills Shortages Trump Headcount as Critical Cyber Challenge
OpenAI Declares ‘Code Red’ On ChatGPT Quality
OpenAI tells staff it will focus on improving ChatGPT quality while pushing back other efforts, as Google, Anthropic catch up. This article has been indexed from Silicon UK. Read the original article: OpenAI Declares ‘Code Red’ On ChatGPT Quality
Microsoft Silently Fixes 8-Year Windows Security Flaw
The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows’ standard interface. The post Microsoft Silently Fixes 8-Year Windows Security Flaw appeared first on TechRepublic. This article has been indexed from Security Archives…
React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original…
Top Apple Designer Leaves To Join Meta
Apple’s head of user interface design Alan Dye quits to head new design team at Meta Platforms as Facebook parent focuses on wearables. This article has been indexed from Silicon UK. Read the original article: Top Apple Designer Leaves To…
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS attack from the AISURU botnet, a 69-second barrage that…
Kohler’s Encrypted Smart Toilet Camera is not Actually end-to-end Encrypted
Kohler’s $600 smart toilet camera system, marketed with promises of “end-to-end encryption,” does not actually implement the security standard as commonly understood in the cybersecurity industry, raising significant privacy concerns for users uploading intimate health data to the company’s servers.…
Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers
A critical HTTP request smuggling vulnerability in Akamai’s edge server infrastructure has been successfully fixed. The vulnerability, identified as CVE-2025-66373, stemmed from improper processing of HTTP requests containing invalid chunk-encoded bodies, potentially exposing thousands of customers to sophisticated attacks. Understanding…
Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code
A critical security vulnerability has been discovered in Vim for Windows that could allow attackers to execute malicious code on users’ computers. The vulnerability, identified as CVE-2025-66476, affects Vim versions before 9.1.1947 and has been rated high severity, with a…
Hackers Actively Exploiting WordPress Plugin Vulnerability to Execute Remote Code
A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide. The vulnerability, tracked as CVE-2025-6389 with a CVSS score of 9.8,…