⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing […]
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to […]
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has […]
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. […]
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol […]
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with […]
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to […]
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The […]
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that […]
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within […]
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time […]
“Getting to Yes”: An Anti-Sales Guide for MSPs
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. […]