Critical React and Next.js Enables Remote Attackers to Execute Malicious Code
A critical security flaw in React and Next.js could let remote attackers run malicious code on servers without logging in. The issue affects React Server…
Category: CyberSecurityNews
Threat Actors Using Malicious VSCode Extension to Deploy Anivia Loader and OctoRAT
A fake Visual Studio Code extension has been used in a supply chain attack that targets developers through their editor. The rogue extension, named prettier-vscode-plus…
Malicious Rust Evm-Units Mimic as EVM Version Silently Executes OS-specific Payloads
The open-source software supply chain recently encountered a deceptive threat in the form of evm-units, a malicious Rust crate published by the author ablerust. Masquerading…
Hackers Using Calendly-Themed Phishing Attack to Steal Google Workspace Account
A sophisticated phishing campaign has emerged targeting business professionals with Calendly-themed emails, combining social engineering with advanced credential theft techniques. The attack specifically focuses on…
Hackers Can Weaponize Claude Skills to Execute MedusaLocker Ransomware Attack
A new feature in Anthropic’s Claude AI, known as Claude Skills, has been identified as a potential vector for ransomware attacks. This feature, designed to…
India’s New SIM-Binding Rule for WhatsApp, Signal, Telegram, and Other Messaging Platforms
India has implemented a mandatory SIM-binding requirement for messaging applications, including WhatsApp, Telegram, Signal, Snapchat, and others. The Department of Telecommunications issued a directive on…
Longwatch RCE Vulnerability Let Attackers Execute Remote Code With Elevated Privileges
A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges…
29.7 Tbps DDoS Attack Via Aisuru botnet Breaks Internet With New World Record
A new 29.7 Tbps distributed denial-of-service (DDoS) blast from the Aisuru botnet has set a new world record for attack volume, underscoring how fragile core…
Hackers Exploit Critical Yearn Finance’s yETH Pool Vulnerability to Steal $9 Million in Ethereum
The decentralized finance sector witnessed a devastating breach targeting Yearn Finance’s yETH pool, resulting in the theft of approximately $9 million on November 30, 2025.…
K7 Antivirus Vulnerability Allows Attackers Gain SYSTEM-level Privileges
A serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus product from K7 Computing, was found by abusing named pipes with overly permissive access…
Shai-Hulud 2.0 Malware Attack Compromised 30,000 Repositories and Stolen 500 GitHub Usernames and Tokens
A significant supply chain security breach has emerged with the discovery of Shai-Hulud 2.0, a sophisticated malware that has compromised over 30,000 GitHub repositories since…
Storm-0900 Hackers Leveraging Parking Ticket and Medical Test Themes in Massive Phishing Attack
On Thanksgiving eve, a sophisticated threat actor known as Storm-0900 launched a high-volume phishing campaign targeting users across the United States. Microsoft Threat Intelligence security…