The FBI has issued a public service announcement warning that cybercriminals are impersonating the FBI’s Internet Crime Complaint Center (IC3) and even cloning its website to steal victims’ personal and financial data. Attackers are exploiting public trust in federal law…
Security News This Week: Oh Crap, Kohler’s Toilet Cameras Aren’t Really End-to-End Encrypted
Plus: The Trump administration declines to issue sanctions over Salt Typhoon’s hacking spree, officials warn of a disturbingly stealthy Chinese malware specimen, and more. This article has been indexed from Security Latest Read the original article: Security News This Week:…
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS…
Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions
A critical vulnerability class dubbed “PromptPwnd” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue titles or pull request bodies, tricking AI models into…
KinoKong – 817,808 breached accounts
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and…
Death to one-time text codes: Passkeys are the new hotness in MFA
Wanna know a secret? Whether you’re logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of…
FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads
A newly discovered Android banking trojan, FvncBot, has emerged as a sophisticated threat targeting mobile banking users in Poland. Researchers from Intel 471 first identified this malware on November 25, 2025, disguised as a security application from mBank, one of…
2.15M Next.js Web Services Exposed Online, Active Attacks Reported – Update Immediately
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has a maximum CVSS score of 10, the highest possible rating,…
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now
A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a critical flaw in React Server Components with a CVSS score…
Cybersecurity Today Month In Review – December 5th, 2025
Cybersecurity Today: The Rise of Living Off the Land Strategies & More In this episode of Cybersecurity Today’s Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss…
IT Security News Hourly Summary 2025-12-06 06h : 1 posts
1 posts were published in the last hour 4:11 : Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM…
Maximum-severity XXE vulnerability discovered in Apache Tika
A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF,…
New Prompt Injection Attack Vectors Through MCP Sampling
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors. The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42. This article has been…
Command Execution Risk Found in Cacti’s SNMP Handling
A flaw in Cacti’s SNMP handling lets attackers execute arbitrary system commands. The post Command Execution Risk Found in Cacti’s SNMP Handling appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Command…
Crims using social media images, videos in ‘virtual kidnapping’ scams
Proof of life? Or an active social media presence? Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in “virtual kidnapping” and extortion scams, the FBI warned on Friday. …
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to…
State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: State-linked groups target critical…
IT Security News Hourly Summary 2025-12-06 00h : 6 posts
6 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-12-05 22:32 : Reliability Isn’t a Feature. It’s a Commitment. 22:32 : MSL5 General Availability and MSL4 Product Retirement 22:31 : What is “React2Shell” (CVE-2025-55182)…
IT Security News Daily Summary 2025-12-05
135 posts were published in the last hour 22:32 : Reliability Isn’t a Feature. It’s a Commitment. 22:32 : MSL5 General Availability and MSL4 Product Retirement 22:31 : What is “React2Shell” (CVE-2025-55182) – in Plain English – and Why Check…
Reliability Isn’t a Feature. It’s a Commitment.
MSL5 General Availability and MSL4 Product Retirement
Akamai Media Services Live 4 will be discontinued on December 31, 2026. The upgraded Akamai Media Services Live 5 is currently in general availability. This article has been indexed from Blog Read the original article: MSL5 General Availability and MSL4…
What is “React2Shell” (CVE-2025-55182) – in Plain English – and Why Check Point CloudGuard WAF Customers Carried on with Their Day
Note: Before we dive in, Check Point CloudGuard WAF customers were proactively protected and not affected by React2Shell. In early December 2025, the team behind React—the most widely used technology powering today’s websites and digital services—announced a critical security…
New Splunk Windows Flaw Enables Privilege Escalation Attacks
A Splunk Windows flaw lets local users overwrite protected files and escalate to SYSTEM. The post New Splunk Windows Flaw Enables Privilege Escalation Attacks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…