New React RSC Vulnerabilities Enable DoS and Source Code Exposure
Dec 12, 2025Ravie LakshmananSoftware Security / Vulnerability The React team has released fixes for two new types of flaws in React Server Components (RSC) that,…
Category: TheHackerNews
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
Dec 12, 2025Ravie LakshmananVulnerability / Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer…
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Dec 11, 2025Ravie LakshmananCyber Espionage / Windows Security Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google…
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
Dec 11, 2025The Hacker NewsAutomation / Compliance As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful…
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
Dec 11, 2025Ravie LakshmananCyberwarfare / Threat Intelligence An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities…
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
Dec 11, 2025Ravie LakshmananVulnerability / Cloud Security A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances…
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Dec 11, 2025Ravie LakshmananZero-Day / Vulnerability Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said…
Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution
Dec 11, 2025Ravie LakshmananVulnerability / Encryption Huntress is warning of a new actively exploited vulnerability in Gladinet’s CentreStack and Triofox products stemming from the use…
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an…
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
Dec 10, 2025Ravie LakshmananEnterprise Security / Web Services New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications…
Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
Dec 10, 2025Ravie LakshmananHardware Security / Vulnerability Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE)…
How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Dec 10, 2025The Hacker NewsCloud Security / Threat Detection Cloud security is changing. Attackers are no longer just breaking down the door; they are finding…