10 posts were published in the last hour 8:4 : New Report Warns of 68% Of Actively Serving Phishing Kits Protected by CloudFlare 8:4 : New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182) 7:32 : CISOs,…
New Report Warns of 68% Of Actively Serving Phishing Kits Protected by CloudFlare
A new security report reveals a troubling reality about the state of online phishing operations. Recent research has uncovered over 42,000 validated URLs and domains actively serving phishing kits, command-and-control infrastructure, and malicious payload delivery systems. The scale and sophistication…
New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
A new security assessment tool has been released to help researchers and administrators identify React Server Components (RSC) endpoints potentially exposed to CVE-2025-55182. Developed as a lightweight by Pentester with the alias Fatguru, a non-intrusive Python script, the scanner offers…
CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap
New data shows 90% of NEDs lack confidence in cybersecurity value. CISOs and CIOs must translate cyber risk into business impact. The post CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap appeared first on Security Boulevard. This article has…
CIS, Astrix, and Cequence partner on new AI security guidance
The Center for Internet Security, Astrix Security, and Cequence Security announced a strategic partnership to develop new cybersecurity guidance tailored to the unique risks of AI and agentic systems. This collaborative initiative builds on the CIS Critical Security Controls (CIS…
SandboxAQ launches AI-SPM platform to expose shadow AI risks
SandboxAQ announced an AI-SPM offering that provides visibility into where AI is being used in organizations’ tech stacks and evaluates AI assets for exploitable weaknesses, insecure dependencies, and exposure risks such as prompt injection, data leakage, and unauthorized access. The…
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU,…
What CISOs should know about SOC modernization
<p>Legacy SOC infrastructure can’t keep pace with the modern threat landscape, leaving SecOps teams overwhelmed and underprepared to face increasingly sophisticated and frequent cyber threats. Security alerts and malicious actors eventually slip through the cracks, putting organizations at risk of…
Critical React and Next.js Enables Remote Attackers to Execute Malicious Code
A critical security flaw in React and Next.js could let remote attackers run malicious code on servers without logging in. The issue affects React Server Components (RSC) and the “Flight” protocol used to send data between the browser and the…
Operation DupeHike Attacking Employees Using Weaponized Documents DUPERUNNER Malware
A sophisticated attack campaign known as Operation DupeHike has emerged as a significant threat to Russian corporate environments, specifically targeting employees within human resources, payroll, and administrative departments. The campaign, attributed to the threat group UNG0902, leverages carefully crafted decoy…
Smart grids are trying to modernize and attackers are treating it like an invitation
In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack surface, and she explains why…
How To Tell If Spyware Is Hiding On Your Phone And What To Do About It
Your smartphone stores personal conversations, financial data, photos, and daily movements. This concentration of information makes it attractive to attackers who rely on spyware. Spyware is malicious software that pretends to be a useful app while silently collecting information.…
AI vs. you: Who’s better at permission decisions?
A single tap on a permission prompt can decide how far an app reaches into a user’s personal data. Most of these calls happen during installation. The number of prompts keeps climbing, and that growing pressure often pushes people into…
A day in the life of the internet tells a bigger story
On any given day, the internet carries countless signals that hint at how networks behave behind the scenes. Researchers from RIPE NCC and several universities found a way to capture a detailed snapshot of that activity by studying one day…
Hackers Actively Exploit New Windows LNK 0-Day Vulnerability
A newly discovered security flaw in Windows shortcut files is being actively used by hackers to target diplomatic organisations. The vulnerability allows attackers to conceal malicious commands within shortcut files (.lnk), making them invisible to users. The Discovery and Initial…
Malicious VSCode Extension Deploys Anivia Loader and OctoRAT
In late November 2025, a sophisticated supply-chain attack leveraging the Visual Studio Code extension ecosystem came to light, demonstrating how threat actors are increasingly targeting developer tools to gain persistent access to high-value systems. On November 21, a malicious extension…
Unauthenticated RCE Found in React Server Components and Next.js (CVE-2025-55182 / CVE-2025-66478)
New disclosure of two high-severity vulnerabilities affecting React Server Components (RSC) and the Next.js framework. These flaws allow… The post Unauthenticated RCE Found in React Server Components and Next.js (CVE-2025-55182 / CVE-2025-66478) appeared first on Hackers Online Club. This article…
Threat Actors Using Malicious VSCode Extension to Deploy Anivia Loader and OctoRAT
A fake Visual Studio Code extension has been used in a supply chain attack that targets developers through their editor. The rogue extension, named prettier-vscode-plus and posing as the trusted Prettier formatter, appeared briefly in the official VSCode Marketplace before…
The quantum clock is ticking and businesses are still stuck in prep mode
Quantum computing is still years away from breaking current encryption, but many security teams are already worried about what happens when that moment arrives. A new report from the Trusted Computing Group (TCG) shows that most businesses say they grasp…
India Scraps Mandatory App Preinstall Following Industry Pushback
The reversal comes just 48 hours after reports surfaced that Apple refused to comply with the order to preload the government’s Sanchar Saathi app. The post India Scraps Mandatory App Preinstall Following Industry Pushback appeared first on TechRepublic. This article…
IT Security News Hourly Summary 2025-12-04 06h : 2 posts
2 posts were published in the last hour 5:4 : TLS 1.3 includes welcome improvements, but still allows long-lived secrets 4:6 : Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
TLS 1.3 includes welcome improvements, but still allows long-lived secrets
Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear Systems Approach As we neared the finish line for our network security book, I received a piece of feedback…
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
Introduction Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government.…
ISC Stormcast For Thursday, December 4th, 2025 https://isc.sans.edu/podcastdetail/9724, (Thu, Dec 4th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, December 4th, 2025…