Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors
Last updated on 9 December. A critical vulnerability in React Server Components is allegedly being actively exploited by multiple Chinese threat actors, Recorded...
When the Digital World Turns Physical: The Expanding Role of Threat Intelligence in Executive...
Key Takeaways Cyber and physical risks are converging. Online exposure now translates into real-world danger as doxxing, deepfakes, and...
KinoKong – 817,808 breached accounts
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of...
HashJack Attack Targets AI Browsers and Agentic AI Systems
A new wave of client-side attacks bypasses enterprise defenses. - Read more
React2Shell Remote Code Execution
React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that implement the Flight protocol, including specific...
The Bug That Won’t Die: 10 Years of the Same Mistake
CVE-2025-55182 Intelligence Card c/o Recorded Future There are now multiple publicly available exploit scripts...
The Hidden Cascade: Why Law Firm Breaches Destroy More than Data
In the wake of the Salesforce/Gainsight breach (kudos to Salesforce for transparently sharing indicators of compromise and updated progress on remediation), third-party cyber...
2026 Phishing Threat Predictions: 5 Key Takeaways
As organizations prepare for another year of highly sophisticated, AI-driven email threats, Cofense’s 2026 Phishing Threat Predictions webinar brought together experts Joshua Bartolomie, Max...
CVE-2025-55182 (React2Shell): Remote code execution in React Server Components and Next.js
Learn more about the CVE-2025-55182 vulnerability affecting React Server Components and affecting Next.js. - Read more
Seasonal Surge: Why HR Phishing Peaks in Q4 and the Seven Themes Behind It
By: Jacob Malimban, Intelligence TeamQ3 and Q4 of each year tend to see the most Human Resources (HR) task-related phishing threats, but the specific...
Latest article
CVE-2026-41940: cPanel & WHM Authentication Bypass
OverviewOn April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In...
Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX - Read more
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only. - Read more
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns.
The post ClickUp Data...
