JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
Dec 05, 2025Ravie LakshmananVulnerability / Network Security A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild…
Latest Cybersecurity News — Page 853
View all →
WA makes its chief data officer permanent
The Western Australian government has made Natalia Kacperek its permanent chief data officer after two years acting in the role. Kacperek’s permanent appointment was made…
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of…
Data brokers are exposing medical professionals, and turning their personal lives into open files
Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni’s researchers shows how much data about…
NEXTDC to build AI campus and GPU “supercluster” in Sydney
NEXTDC will build an AI campus and GPU “supercluster” in Western Sydney that will power OpenAI’s services in Australia. From left to right: Federal Minister…
New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer
Security researchers have uncovered a sophisticated Linux malware campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer, representing a significant evolution in…
New infosec products of the week: December 5, 2025
Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind. BlackFog releases ADX…
China-Nexus Hackers Actively Exploiting React2Shell Vulnerability in The Wild
China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React…
Session Cookie Theft and MFA Bypass Tactics
Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session…
PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182)
A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers…
Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted
Kohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims. The device promises to track…
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its “Predator”…