We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182. The post Exploitation of Critical Vulnerability in React Server Components (Updated December 10) appeared first on Unit 42. This…
What makes smart secrets management essential?
How Are Non-Human Identities Revolutionizing Cybersecurity? Have you ever considered the pivotal role that Non-Human Identities (NHIs) play in cyber defense frameworks? As businesses increasingly shift operations to the cloud, safeguarding these machine identities becomes paramount. But what exactly are…
How does Agentic AI empower cybersecurity teams?
Can Agentic AI Revolutionize Cybersecurity Practices? With digital threats consistently challenging organizations, how can cybersecurity teams leverage innovations to bolster their defenses? Enter the concept of Agentic AI—a technology that could serve as a powerful ally in the ongoing battle…
IT Security News Hourly Summary 2025-12-11 00h : 2 posts
2 posts were published in the last hour:
23:2 : Fortinet fixed two critical authentication-bypass vulnerabilities
22:55 : IT Security News Daily Summary 2025-12-10
Fortinet fixed two critical authentication-bypass vulnerabilities
Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled. Fortinet addressed 18 vulnerabilities, including two authentication-bypass flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), affecting FortiOS, FortiWeb, FortiProxy, and…
IT Security News Daily Summary 2025-12-10
157 posts were published in the last hour:
22:2 : 700+ self-hosted Gits battered in 0-day attacks with no fix imminent
21:32 : Releasing Open Source Tools to the Community
21:31 : CEO of South Korean retail giant Coupang resigns…
700+ self-hosted Gits battered in 0-day attacks with no fix imminent
More than half of internet-exposed instances already compromised. Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn’t yet have a fix.… This article has been indexed from The Register…
Releasing Open Source Tools to the Community
Every now and then, I get contacted by someone who tells me that they used the open source tools I’ve released in either a college course they took, or in a course provided by one of the many training vendors in…
CEO of South Korean retail giant Coupang resigns after massive data breach
The massive data breach at the South Korean retail giant Coupang affects more than half of the country’s population. This article has been indexed from Security News | TechCrunch Read the original article: CEO of South Korean retail giant Coupang…
SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks In Split Learning
Session 5C: Federated Learning 1. Authors, Creators & Presenters: Phillip Rieger (Technical University of Darmstadt), Alessandro Pegoraro (Technical University of Darmstadt), Kavita Kumari (Technical University of Darmstadt), Tigist Abera (Technical University of Darmstadt), Jonathan Knauer (Technical University of Darmstadt), Ahmad-Reza…
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team. Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum…
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a…
Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla
Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users. This article has been indexed from Hackread – Cybersecurity News,…
IT Security News Hourly Summary 2025-12-10 21h : 5 posts
5 posts were published in the last hour:
20:2 : How Migrating to Hardened Container Images Strengthens the Secure Software Development Lifecycle
20:2 : .NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
19:32…
How Migrating to Hardened Container Images Strengthens the Secure Software Development Lifecycle
Container images are the key components of the software supply chain. If they are vulnerable, the whole chain is at risk. This is why container image security should be at the core of any Secure Software Development Lifecycle (SSDLC) program.…
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. watchTowr Labs, which has codenamed the “invalid cast vulnerability” SOAPwn, said the issue impacts Barracuda Service Center RMM,…
NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents
The U.S. National Institute of Standards and Technology (NIST) is building a taxonomy of attacks and mitigations for securing artificial intelligence (AI) agents. Speaking at the AI Summit New York conference, Apostol Vassilev, a research team supervisor for NIST, told…
Response to CISA Advisory (AA25-343A): Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
AttackIQ has issued recommendations in response to the Cybersecurity Advisory (CSA) released by the Cybersecurity and Infrastructure Security Agency (CISA) on December 9, 2025, which details the ongoing targeting of critical infrastructure by pro-Russia hacktivists. The post Response to CISA…
From awareness to action: Building a security-first culture for the agentic AI era
The insights gained from Cybersecurity Awareness Month, right through to Microsoft Ignite 2025, demonstrate that security remains a top priority for business leaders. The post From awareness to action: Building a security-first culture for the agentic AI era appeared first…
AISLE Uncovers Traefik Bug That Disabled TLS Verification for Months
A Traefik misconfiguration disabled TLS checks across Kubernetes clusters. The post AISLE Uncovers Traefik Bug That Disabled TLS Verification for Months appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: AISLE Uncovers…
New Spiderman Phishing Kit Lets Attackers Create Malicious Bank Login Pages in Few Clicks
A sophisticated new phishing framework dubbed “Spiderman” has emerged in the cybercrime underground, dramatically lowering the barrier to entry for financial fraud. This toolkit, observed by Varonis, allows threat actors, even those with minimal technical skill, to spin up pixel-perfect…
Over 644,000 Domains Exposed to Critical React Server Components Vulnerability
The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components. Following significant improvements to their scanning methodologies, researchers have identified a massive attack surface comprising over 165,000…
Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS
A critical stored cross-site scripting vulnerability in Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below could enable attackers to hijack administrator sessions without authentication. The vulnerability, identified as CVE-2025-10573, has been assigned a CVSS score of 9.6 and…
Microsoft won’t fix .NET RCE bug affecting slew of enterprise apps, researchers say
Devs and users should know better, Microsoft tells watchTowr. Security researchers have revealed a .NET security flaw thought to affect a host of enterprise-grade products that they say Microsoft refuses to fix.… This article has been indexed from The Register…