SandboxAQ launches AI-SPM platform to expose shadow AI risks
SandboxAQ announced an AI-SPM offering that provides visibility into where AI is being used in organizations’ tech stacks and evaluates AI assets for exploitable weaknesses,…
Month: December 2025
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Dec 04, 2025Ravie LakshmananDDoS Attacks / Network Security Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured…
New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
A new security assessment tool has been released to help researchers and administrators identify React Server Components (RSC) endpoints potentially exposed to CVE-2025-55182. Developed as…
Smart grids are trying to modernize and attackers are treating it like an invitation
In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in…
Operation DupeHike Attacking Employees Using Weaponized Documents DUPERUNNER Malware
A sophisticated attack campaign known as Operation DupeHike has emerged as a significant threat to Russian corporate environments, specifically targeting employees within human resources, payroll,…
Hackers Actively Exploit New Windows LNK 0-Day Vulnerability
A newly discovered security flaw in Windows shortcut files is being actively used by hackers to target diplomatic organisations. The vulnerability allows attackers to conceal…
AI vs. you: Who’s better at permission decisions?
A single tap on a permission prompt can decide how far an app reaches into a user’s personal data. Most of these calls happen during…
Critical React and Next.js Enables Remote Attackers to Execute Malicious Code
A critical security flaw in React and Next.js could let remote attackers run malicious code on servers without logging in. The issue affects React Server…
Malicious VSCode Extension Deploys Anivia Loader and OctoRAT
In late November 2025, a sophisticated supply-chain attack leveraging the Visual Studio Code extension ecosystem came to light, demonstrating how threat actors are increasingly targeting…
The quantum clock is ticking and businesses are still stuck in prep mode
Quantum computing is still years away from breaking current encryption, but many security teams are already worried about what happens when that moment arrives. A…
Threat Actors Using Malicious VSCode Extension to Deploy Anivia Loader and OctoRAT
A fake Visual Studio Code extension has been used in a supply chain attack that targets developers through their editor. The rogue extension, named prettier-vscode-plus…
Fujitsu appoints Kendy Hau as Head of Defence, Oceania
Fujitsu has appointed Kendy Hau (pictured) as its new Head of Defence for Oceania, bringing more than 20 years of experience across Defence, national security…