News

React2Shell flaw (CVE-2025-55182) exploited for remote code execution

Bys s January 14, 2026

The availability of exploit code will likely lead to more widespread opportunistic attacks

Tags: Threat Research, Featured, vulnerability, react2shell

News

DOGE accused of copying entire Social Security database to insecure cloud system
Bys s August 26, 2025

Jon Brodkin reports: A Social Security Administration (SSA) official alleged in a whistleblower disclosure that DOGE officials created “a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” Chuck Borges, the SSA’s Chief Data Officer (CDO), “has become aware through reports to him of serious data security lapses, evidently……

Read More DOGE accused of copying entire Social Security database to insecure cloud system
News

CISA orders federal agencies to patch Sitecore zero-day following hacking reports
Bys s September 7, 2025

Jonathan Greig reports: Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company’s products. A key issue with the bug is the use of……

Read More CISA orders federal agencies to patch Sitecore zero-day following hacking reports
News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
Bys s April 28, 2026

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,’” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to…

Read More Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
News

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Bys s October 13, 2025

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices. “Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript

Read More Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
News

Alphabet’s Verily covered up HIPAA violations, whistleblower says in lawsuit
Bys s September 15, 2025

Here’s another whistleblower suit recently filed. Ashley Capoot reports: Alphabet’s health tech subsidiary, Verily, used the health data of more than 25,000 patients without authorization and actively covered up those violations, a former company executive alleges. The executive, Ryan Sloan, claims Verily fired him after he discovered breaches of the Health Insurance Portability and Accountability Act, or……

Read More Alphabet’s Verily covered up HIPAA violations, whistleblower says in lawsuit
News

A Swath of Bank Customer Data Was Hacked. The F.B.I. Is Investigating.
Bys s November 23, 2025

Rob Copeland, Stacy Cowley, and Devlin Barrett report: Some of the nation’s biggest banks were scrambling on Saturday night to assess the fallout from a large-scale hack of a vendor whose compromise could expose sensitive customer data. The vendor, SitusAMC, has been deployed by hundreds of banks and other lenders to help originate and collect……

Read More A Swath of Bank Customer Data Was Hacked. The F.B.I. Is Investigating.

Similar Posts