Latest Cybersecurity News and Articles
12 December 2025
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.
The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in
12 December 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization
12 December 2025
Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities.
The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek.
12 December 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
11 December 2025
Members of Congress from both parties have pushed for more regulations on AI, saying there is not enough oversight for the powerful technology.
The post Trump Signs Executive Order to Block State AI Regulations appeared first on SecurityWeek.
11 December 2025
The past, present, and future of cybercrime. Brought to you by Evolution Equity Partners – Steve Morgan, Editor-In-Chief Sausalito, Calif. – Dec. 11, 2025 If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $10.5 trillion USD globally
The post 2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics appeared first on Cybercrime Magazine.
11 December 2025
Day two of the Cyber AI & Automation Summit kicks off at 11AM ET. If you weren't able to attend yesterday, all Day One sessions are already available on-demand.
The post Virtual Event Today: Cyber AI & Automation Summit Day 2 appeared first on SecurityWeek.
11 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 11, 2025 –Read the full story in KBI Media According to research from Cybersecurity Ventures, cybercrime is projected to cost the world $10.5 trillion annually by 2025, and attacks, especially ransomware, are now
The post The Odds Of Suffering A Data Breach appeared first on Cybercrime Magazine.
11 December 2025
Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements.
The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek.
11 December 2025
Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates.
The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek.
11 December 2025
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open.
The new Threatsday Bulletin
11 December 2025
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.
According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a
11 December 2025
In April 2025, hackers stole personal information belonging to patrons and employees and their family members.
The post Pierce County Library Data Breach Impacts 340,000 appeared first on SecurityWeek.
11 December 2025
Cybersecurity companies have been seeing a wide range of malware being delivered in attacks exploiting the critical React vulnerability dubbed React2Shell. A researcher discovered recently that React, the popular open source library for creating application user interfaces, is affected by a critical vulnerability that can be exploited for unauthenticated remote code execution via specially crafted […]
The post Wide Range of Malware Delivered in React2Shell Attacks appeared first on SecurityWeek.
11 December 2025
The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.
The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek.
11 December 2025
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber
11 December 2025
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.
Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor has trained its sights
11 December 2025
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.
The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the
11 December 2025
Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies.
The post IBM Patches Over 100 Vulnerabilities appeared first on SecurityWeek.
11 December 2025
The Chrome zero-day does not have a CVE and it's unclear who reported it and which browser component it affects.
The post Google Patches Mysterious Chrome Zero-Day Exploited in the Wild appeared first on SecurityWeek.