Cybernews

View an ad an you’re cooked: Intellexa planted spyware with zero clicks

Intellexa used a zero-click exploit delivered through malicious ads to infect targets with its advanced Predator spyware and ...
Cybernews

Insuretech firm leaks millions of personal records, future travel data

Insuretech firm Companjon leaked millions of Kafka logs, exposing future travel itineraries, partner data, and sensitive ...

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Researchers have uncovered a critical security flaw that could have catastrophic consequences for web and private cloud ...
SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already stolen over 27,000 credentials.
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant introduces several critical capabilities that represent a fundamental shift ...

Awareness for Web Security: The OWASP Top Ten 2025

The first release candidate of the new OWASP Top Ten reveals the biggest security risks in web development – from ...