Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling. That's the assessment from Alon Schindel, VP of AI and Threat Research at Wiz, who says CVE-2025-55182 - the React server-side vulnerability dubbed "React2Shell" - is now being actively exploited at scale.
Fieldtex Products, a US company that provides contract sewing and medical supply fulfillment services, has disclosed a data breach after it was targeted by a notorious ransomware group. In a data security incident notice posted on its website on November 20, Fieldtex said it detected unauthorized access to its systems in mid-August. An investigation showed that hackers may have gained access to "a limited amount of protected health information".
CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here. First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment.
Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. The first signs of this issue appeared in a Notepad++ community forum topic, where a user reported that Notepad++'s update tool spawned an unknown executable that executed commands to collect device information.
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. RasMan is a critical Windows system service that starts automatically, runs in the background with SYSTEM-level privileges, and manages VPN, Point-to-Point Protocol over Ethernet (PPPoE), and other remote network connections.
Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future." The firm's advisory, entitled "Cybersecurity Must Block AI Browsers for Now", argues that AI browsers are currently favoring convenience over security and that organizations are not ready for the risks that they pose.
Utility-scale battery energy storage systems are facing heightened risks of attack from nation-state and criminal threat groups, and immediate action needs to be taken to secure critical industries from potential disruption, according to a white paper from Brattle Group and Dragos. BESS deployments are expected to grow between 20% and 45% over the next five years, driven by increased demand for data centers and other power requirements.
The US cybersecurity agency CISA on Thursday warned that threat actors have been exploiting a recent OSGeo GeoServer vulnerability in attacks. Tracked as CVE-2025-58360 (CVSS score of 9.8), the critical-severity bug is described as an XML External Entity (XXE) issue that could allow attackers to access arbitrary files, conduct SSRF attacks, or cause denial-of-service (DoS) conditions.