The Hidden Cascade: Why Law Firm Breaches Destroy More than Data
In the wake of the Salesforce/Gainsight breach (kudos to Salesforce for transparently sharing indicators of compromise and updated progress on remediation), third-party cyber and exposure risk is top of mind for many CISOs. Professional services firms are often overlooked in this context, with disastrous consequences. Law firms, specifically, are particularly vulnerable to creating downstream risk impacts given the...
The Bug That Won’t Die: 10 Years of the Same Mistake
CVE-2025-55182 Intelligence Card c/o Recorded Future
There are now multiple publicly available exploit scripts (I forked one on GitHub here) for the React and Next.js vulnerabilities (CVE-2025-55182 and CVE-2025-66478). The underlying issue is data serialization/deserialization, which evoked thoughts about a blog I wrote in 2016, addressing the same issue...
Imperva Customers Protected Against React Server Components (RSC) Vulnerability
Overview
On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability (CVSS 10.0), identified as React2Shell, affecting applications that leverage React Server Components together with Server Actions or Server Functions.
The React2Shell vulnerability stems from improper validation of client-supplied data within certain server-side React features. An unauthenticated attacker could exploit this flaw by sending specially crafted requests,...
2026 Phishing Threat Predictions: 5 Key Takeaways
As organizations prepare for another year of highly sophisticated, AI-driven email threats, Cofense’s 2026 Phishing Threat Predictions webinar brought together experts Joshua Bartolomie, Max Gannon, and Chance Caldwell to break down what security teams should anticipate in the year ahead. Their insights reveal a threat landscape shaped by accelerating offensive and defensive AI adoption and the growing need for...
CVE-2025-55182 (React2Shell): Remote code execution in React Server Components and Next.js
Learn more about the CVE-2025-55182 vulnerability affecting React Server Components and Next.js.
’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season
The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks spike sharply in November and December, targeting shoppers’ saved payment details, loyalty points, wish-lists, and personal data.
Most retailers focus...
Seasonal Surge: Why HR Phishing Peaks in Q4 and the Seven Themes Behind It
By: Jacob Malimban, Intelligence Team
Q3 and Q4 of each year tend to see the most Human Resources (HR) task-related phishing threats, but the specific theme used by threat actors changes based on current events. This has led to the explosion of termination as a phishing lure, particularly during Q3 2025. By exploiting fear, threat actors can lower an employee’s...
The Maturity Gap: The Next Frontier in Threat Intelligence
Introduction
In Recorded Future’s 2025 State of Threat Intelligence report, 49% of enterprises describe their threat intelligence maturity as advanced — a figure that might surprise anyone who sees how complex this work remains...
Intellexa’s Global Corporate Web
The author, Julian-Ferdinand Vögele, thanks Amnesty International's Security Lab for its ongoing reporting on the Intellexa and Predator spyware ecosystem. Today, Security Lab published a related report on Intellexa, which can be found here.
Executive Summary
Insikt Group identified several individuals and entities linked to Intellexa and its broader network of associated companies. These...
UNC1549 Critical Infrastructure Espionage Attack
A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor employs a combination of highly tailored spear-phishing, credential theft from third-party services, and the abuse of virtual desktop infrastructure such as Citrix, VMware, and Azure VDI to gain initial access and move laterally within target...







