React2Shell flaw (CVE-2025-55182) exploited for remote code execution
The availability of exploit code will likely lead to more widespread opportunistic attacks
In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology—it’s to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of…
Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024. (Source: SecurityWeek)
Darktrace has announced the proposed acquisition of UK-based incident investigation firm Cado Security, reportedly for up to $100 million. (Source: SecurityWeek)
Adam Vidler reports: A former student has been charged over a series of cyber attacks on a Sydney university that affected hundreds of staff and students. Since 2021, Western Sydney University had suffered a series of cyber hacks involving unauthorised access, data exfiltration, system compromise and misuse of university infrastructure – including threatening the sale of student…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code
Suzanne Smalley reports: The Treasury Department has agreed to temporarily block all but two members of the Trump administration’s Department of Government Efficiency (DOGE) team from accessing sensitive payment records and to limit their access to “read-only,” according to a Wednesday court filing. The DOGE workers allowed to continue accessing Treasury’s payment systems are Tom…