Session Cookie Theft and MFA Bypass Tactics
Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session…
Month: December 2025
PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182)
A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers…
Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted
Kohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims. The device promises to track…
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its “Predator”…
Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit
While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology…
New Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRAT
In November 2025, security researchers at Raven AI identified a sophisticated zero-day phishing campaign impersonating the Income Tax Department of India, targeting enterprises across the…
Threat Actors Exploit Foxit PDF Reader to Seize System Access and Steal Data
A sophisticated malware campaign is leveraging a weaponized Foxit PDF Reader to target job seekers through email-based attacks, deploying ValleyRAT. This remote access trojan grants…
‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle
A United States Inspector General report publicly released today found that Secretary of Defense Pete Hegseth could have put US troops and military operations at…
Sen. Mark Kelly: Investing in safe, secure AI is key to U.S. dominance
Sen. Mark Kelly, D-Ariz., called for robust safeguards in U.S.-developed AI systems to prevent abuse and misuse, arguing that both the technology and its development …
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in…
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed…
SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in…