Security researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws were discovered while experts were analyzing the patches for last week’s critical “React2Shell” vulnerability. While…
Ashen Lepus Hacker Group Targets Eastern Diplomatic Entities with AshTag Malware Attack
An advanced persistent threat (APT) group with ties to Hamas has intensified its espionage operations against government and diplomatic entities across the Middle East, deploying a sophisticated new malware suite dubbed AshTag. The threat actor, tracked as Ashen Lepus (also known as WIRTE),…
Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware
The development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking. This vulnerability affects the software’s update mechanism, potentially allowing attackers to intercept network traffic and install…
Gogs 0-Day Actively Exploited to Compromise Over 700 Servers
Security researchers have identified an active zero-day vulnerability in Gogs, a widely used self-hosted Git service. The flaw has already resulted in the compromise of more than 700 servers publicly exposed on the internet. As of early December 2025, no…
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
If you don’t look inside your environment, you can’t know its true state – and attackers count on that This article has been indexed from WeLiveSecurity Read the original article: Locks, SOCs and a cat in a box: What Schrödinger…
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims This article has been indexed from WeLiveSecurity Read the original article: Black Hat Europe 2025: Reputation matters – even…
Half of exposed React servers remain unpatched amid active exploitation
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters…
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer flaw, tracked as CVE-2025-58360 (CVSS Score of 8.2), to its Known Exploited Vulnerabilities…
Turn me on, turn me off: Zigbee assessment in industrial environments
Kaspersky expert describes the Zigbee wireless protocol and presents two application-level attack vectors that allow Zigbee endpoints to be turned on and off. This article has been indexed from Securelist Read the original article: Turn me on, turn me off:…
Following the digital trail: what happens to data stolen in a phishing attack
Kaspersky experts detail the journey of the victims’ data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels. This article has been indexed from Securelist Read the original article: Following…
From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats
The Trust Crisis No One’s Talking About Every breach, leak, or phishing attack doesn’t just affect the targeted company—it reverberates across the broader consumer landscape. Each new headline chips away at public trust. As a result, businesses are no longer…
Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775, exploits a file leak in multipart request processing that can cause disk exhaustion and server…
Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware
A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic‑language diplomatic lures that reference regional politics and security…
MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025
MITRE has unveiled its 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and Exposure (CVE™) records this year. These prevalent flaws, which are often simple to detect and…
Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware
A new threat is targeting movie lovers who search for the latest films online. Cybercriminals are now using the popularity of Leonardo DiCaprio’s new film, One Battle After Another, to spread the dangerous Agent Tesla malware. What appears to be…
New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA
A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals to steal login information and bypass multi-factor authentication using advanced Man-in-the-Browser techniques. The tool is…
How private is your VPN?
After years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here’s what I wish everyone knew. This article has been indexed from Malwarebytes Read the original article: How private is your VPN?
$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits
Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking
Notepad++ found a vulnerability in the way the software updater authenticates update files. The post Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Notepad++…
Microsoft Bug Bounty Program Expanded to Third-Party Code
All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services. The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Hong Kong’s New Critical Infrastructure Ordinance will be effective by 1 January 2026 – What CIOs Need to Know
As the clock ticks down to the full enforcement of Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance on January 1, 2026, designated operators of Critical Infrastructures (CI) and Critical Computer Systems (CCS) must act decisively. This landmark law…
How Root Cause Analysis Improves Incident Response and Reduces Downtime?
Security incidents don’t fail because of a lack of tools; they fail because of a lack of insight. In an environment where every minute of downtime equals revenue loss, customer impact, and regulatory risk, root cause analysis has become a…
AI Threat Detection: How Machines Spot What Humans Miss
Discover how AI strengthens cybersecurity by detecting anomalies, stopping zero-day and fileless attacks, and enhancing human analysts through automation. The post AI Threat Detection: How Machines Spot What Humans Miss appeared first on Security Boulevard. This article has been indexed…
FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings
The Federal Bureau of Investigation has issued a new advisory warning people about a growing extortion tactic in which criminals take photos posted online, manipulate them, and present the edited images as supposed evidence during fake kidnapping attempts. The…