CSO Online

Security lapse lets researchers see React2Shell hackers’ dashboard

The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...
SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

Bungie Teases Upcoming Marathon Changes, Starting With Much Needed Buffs

Patch 1.0.6 is the next major update hitting Marathon soon, and part of the patch makes one of its weaker characters much ...
The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...
The Hacker News

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S.

AI Just Hacked One Of The World's Most Secure Operating Systems

An AI agent just autonomously exploited a FreeBSD kernel vulnerability in four hours, signaling a fundamental shift in the ...

Zero-day allows code execution in WindChill and FlexPLM

The manufacturer warns and urges admins to urgently secure their instances with a workaround. A patch is still pending.
Deadline.com

Big Bet: Jeff Shell Countersues In “Shakedown” $150M Loose Lips Battle; Mega-Suit Against David Ellison & Paramount Brass Could Be In The Cards From Pro Gambler Accuser

Litigator Patty Glaser promised last month Jeff Shell would “strongly respond” to threats legal and otherwise from a professional gambler over potentially insider information and leaked data, and ...
Android Authority

Qualcomm responds to GBL exploit used on latest Snapdragon flagships

Qualcomm confirmed that fixes for the GBL exploit were provided to Android device makers earlier this month. The exploit, discovered by Xiaomi ShadowBlade Security Lab, was a key component in ...
Android Authority

New Qualcomm exploit chain brings bootloader unlocking freedom to Android flagships (Updated: Statement)

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows across Microsoft, DataDog, and CNCF Projects

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...