Featured

Cloudflare Outage Caused by React2Shell Mitigations

2025-12-05 at 17:57, by Eduard Kovacs. The critical React vulnerability has been exploited in the wild by Chinese and other threat actors. First published on SecurityWeek.

Chinese Hackers Exploiting React2Shell Vulnerability

2025-12-05 at 10:30, by Eduard Kovacs. AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. First published on SecurityWeek.

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

2025-12-04 at 12:11, by Eduard Kovacs. A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. First published on SecurityWeek.

Microsoft Silently Mitigated Exploited LNK Vulnerability

2025-12-03 at 14:35, by Ionut Arghire. Windows now displays in the properties tab of LNK files critical information that could reveal malicious code. First published on SecurityWeek.

Android’s December 2025 Updates Patch Two Zero-Days

2025-12-02 at 15:15, by Ionut Arghire. Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. First published on SecurityWeek.

Facial Recognition’s Trust Problem

2025-12-01 at 21:01, by Kevin Townsend. Two technologies — one for public safety, one for controlled entry — show why trust in facial recognition must be earned, not assumed. First published on SecurityWeek.

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

2025-12-01 at 13:14, by Eduard Kovacs. CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. First published on SecurityWeek.

OpenAI User Data Exposed in Mixpanel Hack

2025-11-27 at 14:42, by Eduard Kovacs. Multiple Mixpanel customers were impacted by a recent cyberattack targeting the product analytics company. First published on SecurityWeek.

Dartmouth College Confirms Data Theft in Oracle Hack

2025-11-26 at 10:15, by Eduard Kovacs. Dartmouth College has disclosed a data breach after cybercriminals leaked over 226 Gb of files stolen from the university. First published on SecurityWeek.

Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims

2025-11-24 at 15:40, by Eduard Kovacs. More than 1.6 Tb of data allegedly stolen from Cox was made public by the hackers. First published on SecurityWeek.

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability

2025-11-21 at 13:20, by Eduard Kovacs. SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake. First published on SecurityWeek.

Recent 7-Zip Vulnerability Exploited in Attacks

2025-11-20 at 13:09, by Ionut Arghire. A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists. First published on SecurityWeek.

Palo Alto Networks to Acquire Observability Platform Chronosphere in $3.35 Billion Deal

2025-11-20 at 04:32, by SecurityWeek News. The move to acquire Chronosphere is the latest of several acquisitions in recent years and follows a massive $25 billion deal to acquire CyberArk.

Amazon Details Iran’s Cyber-Enabled Kinetic Attacks Linking Digital Spying to Physical Strikes

2025-11-19 at 20:16, by Eduard Kovacs. Amazon threat intelligence experts have documented two cases in which Iran leveraged hacking to prepare for kinetic attacks. First published on SecurityWeek.

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

2025-11-19 at 11:49, by Ionut Arghire. An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. First published on SecurityWeek.

Cloudflare Outage Not Caused by Cyberattack

2025-11-18 at 20:17, by Eduard Kovacs. Major online services such as ChatGPT, X, and Shopify were disrupted in a, as well as transit and city services. First published on SecurityWeek.

Logitech Confirms Data Breach Following Designation as Oracle Hack Victim

2025-11-17 at 13:10, by Eduard Kovacs. Logitech was listed on the Cl0p ransomware leak website in early November, but its disclosure does not mention Oracle. First published on SecurityWeek.

Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability

2025-11-14 at 23:49, by Ionut Arghire. Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog. First published on SecurityWeek.

Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit  

2025-11-14 at 10:30, by Eduard Kovacs. The cybercriminals informed customers that their cloud server was shut down due to complaints. First published on SecurityWeek.

Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon

2025-11-13 at 11:57, by Ionut Arghire. Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days. First published on SecurityWeek.
