IT Security Newsletter

IT Security Newsletter - 12/11/2025

Written by Cadre | Thu, Dec 11, 2025

Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims

Security experts have observed a steady increase in malicious activity from a widening pool of attackers seeking to exploit React2Shell, a critical vulnerability disclosed last week in React Server Components. Authorities are also responding to heightened concern about the defect, with the Cybersecurity and Infrastructure Security Agency shortening the deadline for agencies to patch the vulnerability to Friday. READ MORE...

Pro-Russia hacktivists launching attacks that could damage OT

Hacktivist groups supporting the Russian government are trying to breach critical infrastructure using low-level tactics that could nonetheless cause serious harm, the U.S. and its allies said on Tuesday. Cyber Army of Russia Reborn, Sector16, NoName057(16) and Z-Pentest have exploited poorly secured remote connections to industrial equipment to hack organizations in the energy, food and agriculture and water sectors. READ MORE...

Pierce County Library Data Breach Impacts 340,000

Pierce County Library System (PCLS) is notifying over 340,000 people that their personal information was compromised in a data breach. Between April 15 and April 21, 2025, threat actors accessed PCLS's network and stole certain data from its systems, the public library says. "Upon discovering the issue, PCLS immediately commenced an investigation to confirm the nature and scope, and to identify what information could have been affected," PCLS says in an incident notice on its website. READ MORE...

10K Docker images spray live cloud creds across the internet

Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank. That's according to security watchers at Canadian cybersecurity firm Flare, which, in its analysis of Docker Hub images uploaded in November 2025, says it uncovered 10,456 containers leaking one or more secrets. READ MORE...

Another Chrome zero-day under attack: update now

Google issued an extra patch for a security vulnerability in Chrome that is being actively exploited, and it's urging users to update. The patch fixes two flaws in Chrome's V8 engine, and for one of them Google says an exploit already exists in the wild. Both issues are described as "type confusion" vulnerabilities in the V8 JavaScript engine. These occur when Chrome doesn't verify the object type it's handling and then uses it incorrectly. READ MORE...

New DroidLock malware locks Android devices and demands a ransom

A newly discovered Android malware dubbed DroidLock can lock victims' screens for ransom and access text messages, call logs, contacts, audio recordings, or even erase data. DroidLock allows its operator to take complete control of the device via the VNC sharing system and can steal the device lock pattern by placing an overlay on the screen. According to researchers at mobile security company Zimperium, the malware targets Spanish-speaking users and is distributed through malicious websites. READ MORE...

ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

A new attack uses SEO poisoning and popular AI models to deliver infostealer malware, all while leveraging legitimate domains. ClickFix attacks have gained significant popularity over the past year, using otherwise benign CAPTCHA-style prompts to lure users into a false sense of security and then tricking them into executing malicious prompts against themselves. READ MORE...

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. Written in Go and designed as an alternative to GitLab or GitHub Enterprise, Gogs is also often exposed online for remote collaboration. CVE-2025-8110, the Gogs RCE vulnerability exploited in these attacks, stems from a path traversal weakness in the PutContents API. READ MORE...

Copilot's No-Code AI Agents Liable to Leak Company Data

Artificial intelligence (AI) agents are a breeze to create using Microsoft Copilot Studio, and almost just as easy to manipulate into divulging sensitive corporate data. Despite broad security concerns about AI agents, last year, Microsoft decided to allow even totally nontechnical users to deploy their own autonomous bots. There's a certain lack of shock factor, then, in a new Tenable report detailing just how insecure these agents can be. READ MORE...

  • ...in 1922, actress Maila Nurmi, best known as the original 1950s TV "horror host" Vampira, is born in Gloucester, MA.
  • ...in 1926, rhythm and blues singer/songwriter Willie Mae Thornton, AKA Big Mama Thornton, the first artist to record "Hound Dog", is born in Ariton, AL.
  • ...in 1968, the Rolling Stones put on the "Rock and Roll Circus" show in London, playing alongside Jethro Tull, the Who, Taj Mahal, and Marianne Faithfull.
  • ...in 1974, pro wrestler and lucha libre ambassador Oscar Gutierrez (better known by his ring name, Rey Mysterio) is born in Chula Vista, CA.