A sophisticated cybercrime infrastructure operating for over fourteen years has been dismantled through extensive research into Indonesia’s illegal gambling networks. Security researchers have uncovered a sprawling ecosystem spanning hundreds of thousands of domains, thousands of malicious mobile applications, and widespread…
Tag: Cyber Security News
Hundreds of Porsche Cars Immobilized Following Malfunction in Installed Satellite Security System
Owners of hundreds of Porsche vehicles across Russia are facing a sudden crisis: their high-performance cars have been rendered completely undrivable due to a widespread malfunction in the German automaker’s factory-installed alarm systems. Reports from the Rolf dealership network, Russia’s…
Pharma Firm Inotiv Confirms Data Breach Following Ransomware Attack
A leading contract research organization specializing in pharmaceutical drug discovery and development services disclosed a significant data breach stemming from a ransomware attack that occurred in early August 2025. The Inotiv company announced the cybersecurity incident in its fiscal 2025…
Shanya EDR Killer Leveraged by Ransomware Groups to Clear the Way for Ransomware Infection
The cybercriminal landscape has recently witnessed the aggressive rise of “Shanya,” a potent packer-as-a-service and EDR killer now fueling major ransomware operations. Emerging on underground forums in late 2024 under the alias “VX Crypt,” this tool was engineered to supersede…
Crypto User Loses $9,000 in Seconds After Clicking Instagram Ad Promising Easy Profits
Jack, a Solana enthusiast using the Phantom wallet, fell victim to a sophisticated crypto drainer scam that wiped out $9,000 from his wallet almost instantly. He informed Cybersecurity News that the incident began with an attractive Instagram advertisement touting quick…
Critical Vulnerabilities in GitHub Copilot, Gemini CLI, Claude, and Other Tools Impact Millions of Users
The software development landscape has been fundamentally altered by AI-driven integrated development environments (IDEs). Tools like GitHub Copilot, Gemini CLI, and Claude Code have evolved from simple autocompletion engines into autonomous agents capable of executing tasks. However, this rapid pursuit…
Next.js Released a Scanner to Detect and Update Apps Impacted by React2Shell Vulnerability
A dedicated command-line tool, fix-react2shell-next, to help developers immediately detect and patch the critical “React2Shell” vulnerability (CVE-2025-66478). This new scanner offers a one-line solution to identify vulnerable versions of Next.js and React Server Components (RSC). Automatically apply the required security updates…
Malicious Go Packages Mimic as Google’s UUID Library to Exfiltrate Sensitive Data
Security researchers have uncovered a long-running supply chain attack targeting the Go programming community. The Socket Threat Research Team recently identified two malicious packages. github.com/bpoorman/uuid and github.com/bpoorman/uid. That has been silently stealing data from unsuspecting developers for years. The attack relies on…
Critical React2Shell RCE Vulnerability Exploited in the Wild to Execute Malicious Code
A critical remote code execution vulnerability, tracked as CVE-2025-55182 and dubbed “React2Shell,” is now under active exploitation in the wild. GreyNoise researchers have detected opportunistic, largely automated exploitation attempts targeting the unsafe deserialization flaw in the React Server Components Flight…
Predator Spyware Compamy Used 15 Zero-Days Since 2021 to Target iOS Users
A commercial spyware company called Intellexa has exploited 15 zero-day vulnerabilities since 2021 to target iOS and Android users worldwide. The company, known for developing the Predator spyware, continues operations despite being sanctioned by the US government. The threats remain…
NETREAPER Offensive Security Toolkit That Wraps 70+ Penetration Testing Tools
A unified offensive security toolkit, NETREAPER, developed by OFFTRACKMEDIA Studios, consolidates over 70 penetration testing tools into a single, user-friendly command-line interface. This innovation eliminates the chaos of juggling multiple terminals, forgetting syntax, and managing disparate tools. Before NETREAPER, penetration…
Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities, and Cloudflare Outage
This week’s cybersecurity landscape featured a record-breaking 29.7 Tbps DDoS attack on a financial institution, leveraging IoT botnets and UDP floods that overwhelmed European networks until mitigated via BGP blackholing by Cloudflare and Akamai, highlighting the need for 5G device…
LockBit 5.0 Infrastructure Exposed in New Server, IP, and Domain Leak
LockBit 5.0 key infrastructure exposed, revealing the IP address 205.185.116.233, and the domain karma0.xyz is hosting the ransomware group’s latest leak site. According to researcher Rakesh Krishnan, hosted under AS53667 (PONYNET, operated by FranTech Solutions), a network frequently abused for…
Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs
In an escalating campaign targeting remote access infrastructure, threat actors have initiated active exploitation attempts against Palo Alto Networks’ GlobalProtect VPN portals. GrayNoise tracking activity report scans and exploitation efforts originating from more than 7,000 unique IP addresses worldwide, raising…
New FvncBot Android Banking Attacking Users to Log Keystrokes and Inject Malicious Payloads
A dangerous new Android banking malware named FvncBot was first observed on November 25, 2025. This malicious tool is designed to steal sensitive financial information by logging keystrokes, recording screens, and injecting fake login pages into banking apps. The malware initially spreads…
Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions
A critical vulnerability class dubbed “PromptPwnd,” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue titles or pull request bodies, tricking AI models into…
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now
A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a critical flaw in React Server Components with a CVSS score…
Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM…
AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2
A persistent privilege escalation technique in AWS that allows attackers with limited permissions to execute code under higher-privileged execution roles on EC2 instances and SageMaker notebook instances. First documented by Grzelak in 2016 for EC2, the method exploits modifiable boot-time…
Russian Calisto Hackers Target NATO Research Sectors with ClickFix Malicious Code
Russian-backed threat actors continue their sophisticated cyber espionage operations against Western institutions through advanced phishing tactics. Calisto, a Russia-nexus intrusion set attributed to the Russian FSB’s Center 18 for Information Security (military unit 64829), has emerged as a persistent threat…