Command Injection Attacks on Array AG Gateways
05
Dec
2025

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

Dec 05, 2025Ravie LakshmananVulnerability / Network Security A command injection vulnerability in Array Networks AG Series secure access gateways has…

Allianz Life says majority of US customers' data stolen in hack
05
Dec
2025

WA makes its chief data officer permanent

The Western Australian government has made Natalia Kacperek its permanent chief data officer after two years acting in the role….

CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
05
Dec
2025

CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued…

Data brokers are exposing medical professionals, and turning their personal lives into open files
05
Dec
2025

Data brokers are exposing medical professionals, and turning their personal lives into open files

Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni’s researchers…

NEXTDC to build AI campus and GPU
05
Dec
2025

NEXTDC to build AI campus and GPU “supercluster” in Sydney

NEXTDC will build an AI campus and GPU “supercluster” in Western Sydney that will power OpenAI’s services in Australia. From…

New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer
05
Dec
2025

New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer

Security researchers have uncovered a sophisticated Linux malware campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer,…

New infosec products of the week: December 5, 2025
05
Dec
2025

New infosec products of the week: December 5, 2025

Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ,…

China-Nexus Hackers Actively Exploiting React2Shell Vulnerability in The Wild
05
Dec
2025

China-Nexus Hackers Actively Exploiting React2Shell Vulnerability in The Wild

China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure….

Session Cookie Theft and MFA Bypass Tactics
05
Dec
2025

Session Cookie Theft and MFA Bypass Tactics

Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts…

PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182)
05
Dec
2025

PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182)

A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this…

Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted
05
Dec
2025

Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted

Kohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims….

New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
05
Dec
2025

New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware

Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware…