Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
CSO Online

New ClickFix variant bypasses Apple safeguards with one‑click script execution

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

New WhatsApp Attacks—Microsoft Shares Critical Warning For Users

WhatsApp users need to pay close attention following the latest attack warning from Microsoft. Here's what you need to know.
CSO Online

North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

The multi-stage campaign targeting South Korea uses weaponized Windows shortcuts and GitHub-based command and control to ...