HealthcareInfoSecurity

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
HealthcareInfoSecurity

Chinese Nation-State Groups Tied to 'React2Shell' Targeting

Warnings continue to mount over a critical vulnerability in the widely used web application framework React, with threat intelligence analysts warning that it's ...

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the ...
Infosecurity Magazine

New BeaverTail Malware Variant Linked to Lazarus Group

A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders ...
ET CIO

Top 7 Penetration Testing Tools for Enterprises in 2025

Discover the top seven penetration testing tools essential for enterprises in 2025 to enhance security, reduce risks, and ensure compliance in an evolving cyber landscape. Learn about their core ...

Cloudflare says its WAF is already protecting users from new React security flaws: Here what it means

Cloudflare activates automatic WAF protection against a major React Server Components flaw as developers race to patch vulnerable systems worldwide.
The Hacker News

ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories

The latest ThreatsDay Bulletin breaks down the week’s biggest stories — rootkits evading Windows, Docker leaks, AI risks and global surveillance moves ...
ZDNet

Use AI browsers? Be careful. This exploit turns trusted sites into weapons - here's how

Researchers disclosed a HashJack attack that manipulates AI browsers. Cato CTRL examined Comet, Copilot for Edge, and Gemini for Chrome. Could lead to data theft, phishing, and malware downloads.
WCBD

Beware of Fake QR Codes: Scammers Exploit Simple Technology to Steal Your Information

CHARLESTON, S.C. (WCBD) — QR codes are everywhere these days – on restaurant menus, parking meters, and even holiday shopping deals, but cybersecurity experts warn that scammers are taking advantage ...
Bleeping Computer

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and ...
FOX40 News

Northern California police bring back ‘bait packages’ with GPS to catch porch pirates

(FOX40.COM) — A Northern California police department is bringing back a program that lures would-be porch pirates with strategically-placed packages equipped with a GPS tracker. • Video Above: What ...