Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. […] Read More
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It’s rooted in Array’s DesktopDirect, a remote […]
AutoIT3[1] is a powerful language that helps to built nice applications for Windows environments, mainly to automate tasks. If it looks pretty old, the latest version was released last September and it remains popular amongst developers, for the good… or the bad! Malware written in AutoIt3 has existed since the late 2000s, when attackers realized […]
Remember when Apple put that U2 album in everyone’s music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn’t a good idea. Read More
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed “Aladdin” that compromised specific targets when simply viewing a malicious advertisement. […] Read More
Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference. Read More
It’s the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each. Read More
The deal, believed to be valued at $1 billion, will bring non-human identity access control of agents and machines to ServiceNow’s offerings including its new AI Control Tower. Read More
The UK’s National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. […] Read More