Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors
Last updated on 9 December. A critical vulnerability in React Server Components is allegedly being actively exploited by multiple Chinese threat actors, Recorded...
When the Digital World Turns Physical: The Expanding Role of Threat Intelligence in Executive...
Key Takeaways Cyber and physical risks are converging. Online exposure now translates into real-world danger as doxxing, deepfakes, and...
KinoKong – 817,808 breached accounts
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of...
HashJack Attack Targets AI Browsers and Agentic AI Systems
A new wave of client-side attacks bypasses enterprise defenses. - Read more
React2Shell Remote Code Execution
React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that implement the Flight protocol, including specific...
Oracle Identity Manager Pre-Auth RCE
What is the Vulnerability? CVE-2025-61757 is a critical pre-authentication remote code...
The Bug That Won’t Die: 10 Years of the Same Mistake
CVE-2025-55182 Intelligence Card c/o Recorded Future There are now multiple publicly available exploit scripts...
The Hidden Cascade: Why Law Firm Breaches Destroy More than Data
In the wake of the Salesforce/Gainsight breach (kudos to Salesforce for transparently sharing indicators of compromise and updated progress on remediation), third-party cyber...
Imperva Customers Protected Against React Server Components (RSC) Vulnerability
Overview
On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability (CVSS 10.0), identified as React2Shell, affecting applications that leverage React...
2026 Phishing Threat Predictions: 5 Key Takeaways
As organizations prepare for another year of highly sophisticated, AI-driven email threats, Cofense’s 2026 Phishing Threat Predictions webinar brought together experts Joshua Bartolomie, Max...
Latest article
Check Point VPN Authentication Bypass Vulnerability
What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS...
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online,...
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans
Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports...
