React2Shell flaw (CVE-2025-55182) exploited for remote code execution

Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper. The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango

Just as OT technology differs from IT technology, the threats, likely adversaries, and potential harm also differ. The post Cyber Insights 2025: OT Security appeared first on SecurityWeek.

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm…

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below – QuickLens – Search Screen…

A vulnerability in Google’s OAuth implementation allows takeover of old employee accounts when domain ownership changes. The post Google OAuth Flaw Leads to Account Takeover When Domain Ownership Changes appeared first on SecurityWeek.

Upasana Sajeev reports an update to a case previously noted on this site: The Madras High Court has dismissed an appeal filed by cybersecurity specialist Himanshu Pathak against a single judge’s order dismissing his plea seeking directions to the Ministry of Electronics and Information Technology, the Ministry of Finance, the Ministry of Home Affairs, the……