A new malware campaign called PCPcat has successfully compromised more than 59,000 servers in under 48 hours through targeted exploitation of critical vulnerabilities in Next.js and React frameworks. The malware targets Next.js deployments by exploiting two critical vulnerabilities, CVE-2025-29927 and…
Hackers Steal Personal Data in 700Credit Breach Affecting 5.6 Million
A data breach of credit reporting and ID verification services firm 700Credit affected 5.6 million people, allowing hackers to steal personal information of customers of the firm’s client companies. 700Credit executives said the breach happened after bad actors compromised the…
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta…
China, Iran are having a field day with React2Shell, Google warns
Who hasn’t exploited this max-severity flaw? At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking the React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google.… This article has…
Threat Actors Advertising ‘MioLab MacOS’ Infostealer on an Underground Forum
A new malware threat targeting macOS users has emerged on underground cybercrime forums, with threat actors marketing a sophisticated information-stealing tool called “MioLab MacOS.” This resident infostealer comes equipped with a web-based control panel and customizable settings, making it an…
JumpCloud Remote Assist for Windows Agent Flaw Let Attackers Escalate Privilege
The JumpCloud Remote Assist vulnerability (CVE-2025-34352) exposes Windows systems to local privilege escalation and denial-of-service attacks. Discovered by XM Cyber researcher Hillel Pinto, the flaw stems from insecure file operations in the agent’s uninstaller. The JumpCloud Remote Assist for Windows…
Jaguar Land Rover Confirms Employee Data Stolen in August Cyberattack
Jaguar Land Rover (JLR), the iconic British luxury automaker, has finally disclosed that a cyberattack in August compromised sensitive data on current and former employees. This marks the company’s first public acknowledgment of the breach’s scope, following a production shutdown…
xHunt APT Hackers Attacking Microsoft Exchange and IIS Web Servers to Deploy Custom Backdoors
The xHunt advanced persistent threat group has firmly established itself as a sophisticated cyber-espionage actor, orchestrating targeted campaigns against organizations in Kuwait. Since its emergence in 2018, the group has focused intently on the government, shipping, and transportation sectors. Their…
Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow
AI can be used by extremist groups to pump out propaganda or deepfakes at scale, widening their reach and expanding their influence. The post Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow appeared first on…
Neo AI Browser: How Norton’s AI-Driven Browser Aims to Change Everyday Web Use
Web browsers are increasingly evolving beyond basic internet access, and artificial intelligence is becoming a central part of that shift. Neo, an AI-powered browser developed by Norton, is designed to combine browsing, productivity tools, and security features within a…
IT Security News Hourly Summary 2025-12-15 18h : 12 posts
12 posts were published in the last hour 17:2 : GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware 17:2 : Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case 17:2 : Cybersecurity concerns are paramount among executives…
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: GitHub Scanner for…
Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case
A Minnesota man has pleaded guilty to a credential stuffing scheme that compromised over 60,000 accounts This article has been indexed from www.infosecurity-magazine.com Read the original article: Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case
Cybersecurity concerns are paramount among executives in almost all roles, regions and industries
A new survey finds widespread agreement that security is one of the biggest challenges facing companies today. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Cybersecurity concerns are paramount among executives in almost…
Microsoft Recent Update Breaks VPS Access for Windows Subsystem for Linux Users
Microsoft’s October 2025 non-security update is disrupting virtual private server (VPS) access for Windows Subsystem for Linux (WSL) users, particularly those relying on third-party VPNs for enterprise connectivity. Released on October 28, 2025, as KB5067036, the update targets OS builds…
Critical pgAdmin Vulnerability Let Attackers Execute Shell Commands on the Host
A severe security vulnerability has been uncovered in pgAdmin 4, the popular open-source PostgreSQL database management tool. Tracked as CVE-2025-13780, this critical flaw allows attackers to bypass security filters and execute arbitrary shell commands on the host server. The issue…
Apache StreamPark Vulnerability Let Attackers Access Sensitive Data
A critical security vulnerability has been discovered in Apache StreamPark that could allow attackers to decrypt sensitive information and gain unauthorized system access. The vulnerability stems from the use of a hard-coded encryption key in the application, which enables threat…
NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition
Security patches for the Merlin framework addressing two high-severity deserialization vulnerabilities. That could allow attackers to execute arbitrary code and launch denial-of-service attacks on affected Linux systems. NVIDIA researchers have identified two vulnerabilities in Merlin components that leverage insecure deserialization.…
New Android Malware Frogblight Mimics as Official Government Websites to Collect SMS and Device Details
A sophisticated Android banking Trojan named Frogblight has emerged as a significant threat targeting Turkish users, employing deceptive tactics to steal banking credentials and personal data. Discovered in August 2025, this malware initially disguised itself as an application for accessing…
Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)
This week on the Lock and Code podcast, we speak with Erin West about pig butchering scams and the efforts to stop this new, global crisis. This article has been indexed from Malwarebytes Read the original article: Pig butchering is…
Cloud Monitor Wins Cybersecurity Product of the Year 2025
Campus Technology & THE Journal Name Cloud Monitor as Winner in the Cybersecurity Risk Management Category BOULDER, Colo.—December 15, 2025—ManagedMethods, the leading provider of cybersecurity, safety, web filtering, and classroom management solutions for K-12 schools, is pleased to announce that…
ServiceNow in Advanced Talks to Acquire Armis for $7 Billion: Reports
ServiceNow Inc. is in advanced talks to acquire cybersecurity startup Armis in a deal that could reach $7 billion, its largest ever, according to reports. Bloomberg News first reported the discussions over the weekend, noting that an announcement could come…
CISOs view hybrid environments as best way to manage risk, compliance
Security leaders are also focused on the convergence of IT and operational technology as business continuity becomes a major concern. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: CISOs view hybrid environments as…
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika
Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, including multiple critical-severity issues. One of the most severe bugs is a maximum-severity XML External Entity (XXE) injection flaw, tracked…