Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
InfoQ

AWS Enables Lambda Function Triggers from RDS for SQL Server Database Events

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Agent workflows make transport a first-order ...
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, ...
Geeky Gadgets

Self-Host Your Airtable Workflows with a Docker-Friendly SQL-Backed Grid Interface

What if you could break free from subscription fees, vendor lock-in, and row limits while still managing your data with the ease of a spreadsheet? Better Stack walks through how an open source ...
GitHub

CVE-2025-61724 (HIGH): detected in Lambda Docker Images.

public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:838693f555a26743ece11c97cef4d1bb6f90b37766c9844288881da7ef14fa02 public.ecr.aws/lambda ...
SiliconANGLE

Darktrace reveals ShadowV2 botnet exploiting Docker misconfigurations in AWS

A new report out today from Darktrace Ltd. reveals a sophisticated cybercrime campaign that blends traditional malware with cloud-native design principles, exposing how threat actors are evolving ...