A critical vulnerability known as React2Shell allows unauthenticated attackers to achieve full remote code execution on React and Next.js servers. This flaw affects default RSC implementations and requires immediate patching to prevent severe compromise across modern web infrastructures.
Between 2024 and 2025, China-linked APT31 conducted a stealthy espionage campaign targeting Russian IT contractors and government integrators. The group masked its command-and-control using legitimate cloud services such as Yandex Cloud and OneDrive, deployed loaders like CloudyLoader via DLL side-loading, and maintained long dwell times within compromised networks. This article decodes APT31’s tool-kit, tactics and persistence model, and offers detection and response guidance for defenders.
A security incident involving the Trust Wallet Chrome extension shows how attackers can abuse browser extension architecture to compromise cryptocurrency wallets and silently expose user funds.
Intelliloan has notified customers of a March 2025 hack that exposed sensitive PII such as Social Security numbers, driver’s licenses, and financial data across its systems.
As organisations deploy hundreds of AI agents each year, security teams face unprecedented risk. This article outlines a robust framework to govern AI at scale, align speed with control and embed security from day one.
CISA has flagged CVE-2025-54253, a maximum-severity (CVSS 10.0) vulnerability in Adobe Experience Manager (AEM), as already under active attack. The root cause lies in how the /adminui/debug servlet misinterprets user-supplied OGNL expressions as Java code without authentication or validation. This flaw lets unauthenticated attackers execute system commands remotely. In this article, you’ll get the full technical breakdown, threat scenarios, detection strategies, mitigation plans, and best practices specific to AEM deployments.
Harrods informed loyalty program members of a data breach tied to a third-party provider. The luxury retailer is investigating and urging customer caution.
The U.S. Secret Service dismantled a massive telecom threat in New York City, seizing 100,000 SIM cards and 300 servers hidden across abandoned apartments. Authorities say the “imminent” campaign, discovered before the UN Assembly, could have crippled cellular services, government operations, and emergency systems. Investigators believe foreign threat actors used the network for covert communication with criminal enterprises
Japan is facing a cybersecurity crisis. A government review revealed hundreds of security incidents in 2024 alone, exposing systemic weaknesses across critical infrastructure. While Tokyo has introduced new laws to expand its defensive capabilities, experts warn that outdated systems and poor planning leave the nation vulnerable to both cybercriminals and nation-state hackers Scale of the…
The new LAMEHUG malware uses AI models from Hugging Face to generate Windows commands dynamically. It spreads through phishing, disguises itself as AI apps, and steals system data, documents, and credentials while adapting to different environments.