React2Shell flaw (CVE-2025-55182) exploited for remote code execution
The availability of exploit code will likely lead to more widespread opportunistic attacks
Similar Posts
Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads
Bys sCybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing. “Although automslc,…
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Bys sGoogle on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe…
Landmark civil penalty of AU$5.8 million issued under Australia’s Privacy Act
Bys sCharmian Aw, Melissa B. Levine, and Ciara O’Leary of Hogan Lovells write: On 9 October 2025 the Federal Court of Australia (the Court) imposed an AU$5.8 million civil penalty on Australian Clinical Labs Limited, one of Australia’s largest private hospital pathology service providers (the Company), for systemic failures that led to the unauthorised access to……
Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents
Bys sAI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?” Unlike users or applications, AI agents are often deployed quickly, shared…
Dual Russian And Israeli National Extradited To The United States For His Role In The LockBit Ransomware Conspiracy
Bys sFrom the U.S. Attorney’s Office, District of New Jersey, an update on the case involving an alleged dev for LockBit: NEWARK, N.J. – A dual Russian and Israeli national was extradited to the United States on charges that he was a developer of the LockBit ransomware group, United States Attorney John Giordano announced. In August,…
Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure
Bys sAmazon’s threat intelligence team has disclosed details of a “years-long” Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has