ShellShock Makes a Comeback and RondoDox Changes Tactics
Legacy bugs continue to serve attackers. - Read more
When the Digital World Turns Physical: The Expanding Role of Threat Intelligence in Executive...
Key Takeaways Cyber and physical risks are converging. Online exposure now translates into real-world danger as doxxing, deepfakes, and...
Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors
Last updated on 9 December. A critical vulnerability in React Server Components is allegedly being actively exploited by multiple Chinese threat actors, Recorded...
KinoKong – 817,808 breached accounts
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of...
HashJack Attack Targets AI Browsers and Agentic AI Systems
A new wave of client-side attacks bypasses enterprise defenses. - Read more
React2Shell Remote Code Execution
React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that implement the Flight protocol, including specific...
Oracle Identity Manager Pre-Auth RCE
What is the Vulnerability? CVE-2025-61757 is a critical pre-authentication remote code...
The Hidden Cascade: Why Law Firm Breaches Destroy More than Data
In the wake of the Salesforce/Gainsight breach (kudos to Salesforce for transparently sharing indicators of compromise and updated progress on remediation), third-party cyber...
The Bug That Won’t Die: 10 Years of the Same Mistake
CVE-2025-55182 Intelligence Card c/o Recorded Future There are now multiple publicly available exploit scripts...
Imperva Customers Protected Against React Server Components (RSC) Vulnerability
Overview
On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability (CVSS 10.0), identified as React2Shell, affecting applications that leverage React...
Latest article
Oracle PeopleSoft Zero-Day
What is the Attack? Google Threat Intelligence Group (GTIG) and Mandiant...
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection
A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of...
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs,...
Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People
Xsolis confirmed a healthcare data breach affecting nearly 1.4 million people after a phishing attack exposed health and identity data.
The post Healthcare Vendor Xsolis...
