Security researchers on Wednesday warned about a critical vulnerability in React Server Components (RSC) and Next.js. The vulnerability, tracked as CVE-2025-55182, enables unauthenticated remote-code execution, stemming from unsafe deserialization of payloads that are sent to React Server Function endpoints. While the flaw originated in the React open source software's RSC protocol, it also has a downstream impact on Next.js applications.
Pharmaceutical company Inotiv is notifying over 9,500 individuals that their personal information was stolen in a data breach resulting from a ransomware attack. The incident occurred on August 8 and was blamed for causing disruptions to certain business operations and for preventing access to certain networks and systems, including internal data storage. In a December 3 filing with the SEC, the company revealed that it has restored access to its network and systems.
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. Marquis Software Solutions provides data analytics, CRM tools, compliance reporting, and digital marketing services to over 700 banks, credit unions, and mortgage lenders. In data breach notifications filed with US Attorney General offices, Marquis says it suffered a ransomware attack on August 14, 2025.
What is account takeover fraud? Account takeover fraud (also known as ATO fraud) occurs when a malicious hacker or fraudster compromises and gains control of an account without legitimate authorisation. Typically the online account might be a bank account, email account, or social media profile that has been accessed after stealing login credentials through phishing, malware, a data breach, or social engineering.
The Russia-linked Star Blizzard APT earlier this year targeted French press freedom organization Reporters Without Borders (RSF), Sekoia reports. The attack occurred in March and was carried out via a phishing email targeting one of RSF's core members. Star Blizzard used a ProtonMail address and spoofed a recipient's trusted contact, asking them to review an attached document. The Russian hackers did not attach the document, and instead waited for the recipient to respond and ask for it.
Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks. The flaw, tracked as CVE-2025-9491, allows malicious .lnk shortcut files to hide harmful command-line arguments from users, enabling hidden code execution when a victim opens the shortcut. Researchers at Trend Micro said in March that nearly a thousand malicious .lnk samples dating back to 2017 exploited this weakness across a mix of campaigns worldwide.
A sophisticated malware operation has infected 4.3 million Chrome and Edge browser users via malicious browser extensions that masqueraded as legitimate tools for years before being weaponized. The operators of the campaign have collected detailed browsing histories, search queries, and user credentials, while also establishing remote code execution (RCE) capabilities that allowed them to control hundreds of thousands of browsers.
A new wave of attacks is exploiting legitimate Remote Monitoring and Management (RMM) tools like LogMeIn Resolve (formerly GoToResolve) and PDQ Connect to remotely control victims' systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support programs under false pretenses. Once installed, the tool gives attackers full remote access to the victim's machine, evading many conventional security detections because the software itself is legitimate.
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. The threat activity started on October 31, just a day after the issue was publicly disclosed. So far, the Wordfence security scanner from Defiant, a company that provides security services for WordPress websites, has blocked more than 48,400 exploit attempts.