risk
-
Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal…
-
NVIDIA Merlin Vulnerabilities Allow Malicious Code Execution and DoS Attacks
NVIDIA has issued urgent security patches for its Merlin machine learning framework, addressing two high-severity deserialization vulnerabilities that could allow…
-
EDR Process Sideloading to Conceal Malicious Activity
Initial access broker Storm-0249 has undergone a significant transformation, evolving from a mass phishing operation into a sophisticated threat actor…
-
CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued critical guidance on managing UEFI Secure Boot configurations across enterprise systems,…
-
Surge in Attacks Targeting RSC-Enabled Services Worldwide
In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly…
-
644K+ Websites at Risk Due to Critical React Server Components Flaw
A critical vulnerability known as “React2Shell” has been identified by the Shadowserver Foundation, posing a significant threat to a massive…
-
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability has been discovered in Ivanti Endpoint Manager (EPM), allowing unauthenticated attackers to hijack…
-
Hackers Exploit Delivery Receipts in Messaging Apps to Steal Users’ Private Information
A severe security flaw has been uncovered, putting billions of WhatsApp and Signal users worldwide at risk of being secretly…
-
LOLPROX Unveils Undetected Exploitation Routes for Stealthy Hypervisor Attacks
A new security analysis has unveiled “LOLPROX,” a comprehensive catalog of “Living Off The Land” (LOL) techniques specifically targeting Proxmox…
-
2.15M Next.js Web Services Exposed Online, Active Attacks Reported
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as…
-
New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications,…
-
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models…
-
Examining the Risk of AI-Assisted MedusaLocker Ransomware Attacks
Researchers at Cato CTRL have demonstrated that the feature, designed to streamline AI workflows, can be easily weaponized to deploy…
-
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
Baltimore, MD, December 2nd, 2025, CyberNewsWire: The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise…
-
DevilsTongue Spyware Targets Windows Users Across Multiple Countries
Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing…
-
Poland Arrests Suspected Russian Hacker Targeting Local Organizations’ Networks
Polish authorities have made a significant move in their cybercrime enforcement efforts by detaining a Russian national suspected of conducting…
-
Cybercriminals Register 18,000 Holiday-Themed Domains to Launch Seasonal Scams
The holiday season has always been a magnet for increased online activity, but 2025 marks a new high-water mark in…
-
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security
Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from…