New infosec products of the week: December 5, 2025
Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind. BlackFog releases ADX…
Author: Cybernoz
China-Nexus Hackers Actively Exploiting React2Shell Vulnerability in The Wild
China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React…
Session Cookie Theft and MFA Bypass Tactics
Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session…
PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182)
A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers…
Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted
Kohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims. The device promises to track…
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its “Predator”…
Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit
While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology…
New Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRAT
In November 2025, security researchers at Raven AI identified a sophisticated zero-day phishing campaign impersonating the Income Tax Department of India, targeting enterprises across the…
Threat Actors Exploit Foxit PDF Reader to Seize System Access and Steal Data
A sophisticated malware campaign is leveraging a weaponized Foxit PDF Reader to target job seekers through email-based attacks, deploying ValleyRAT. This remote access trojan grants…
‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle
A United States Inspector General report publicly released today found that Secretary of Defense Pete Hegseth could have put US troops and military operations at…
Sen. Mark Kelly: Investing in safe, secure AI is key to U.S. dominance
Sen. Mark Kelly, D-Ariz., called for robust safeguards in U.S.-developed AI systems to prevent abuse and misuse, arguing that both the technology and its development …
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in…