Cyber Security News

A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a critical flaw in React Server Components with a CVSS score of 10. The vulnerability stems from insecure deserialization within the “Flight” protocol used by React […]

The post 2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now appeared first on Cyber Security News.

Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM on Windows 11 if successfully exploited. The research focused on Avast’s sandbox implementation, a component […]

The post Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges appeared first on Cyber Security News.

Madison, United States, December 5th, 2025, CyberNewsWire Sprocket Security is proud to announce that it has once again been recognized by G2 for “High Performer,” “Best Support,” and “Easiest to Do Business With” in the Winter 2025 Relationship Index for Penetration Testing. This marks the second consecutive quarter Sprocket has earned these honors, reinforcing the […]

The post Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing appeared first on Cyber Security News.

Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM Pacific Time (PT), focusing on the shift in cyberattack strategies. The session will examine how an increasing number of incidents now originate from exposed digital assets, rather than from known software vulnerabilities. As organizations rapidly […]

The post Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM appeared first on Cyber Security News.

Netflix has struck a transformative deal to acquire Warner Bros. studios, HBO, and HBO Max from Warner Bros. Discovery (WBD) in a cash-and-stock transaction valued at $82.7 billion. The move catapults Netflix into a content powerhouse, blending its streaming dominance with Warner’s storied Hollywood legacy. Announced Friday, the agreement values WBD shares at $27.75 each, […]

The post Netflix Acquires Warner Bros. Studios and HBO in Landmark $82.7 Billion Megadeal appeared first on Cyber Security News.

Cybercriminals are actively spreading CoinMiner malware through USB drives, targeting workstations across South Korea to mine Monero cryptocurrency. This ongoing campaign uses deceptive shortcut files and hidden folders to trick users into executing malicious scripts without their knowledge. The attack leverages a combination of VBS, BAT, and DLL files that work together to install XMRig, […]

The post Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations appeared first on Cyber Security News.

A sophisticated cyber threat has emerged targeting Windows systems across multiple countries in the Middle East. UDPGangster, a UDP-based backdoor, represents a dangerous new weapon in the arsenal of the MuddyWater threat group, known for conducting cyber espionage operations throughout the Middle East and neighboring regions. This malware gives attackers complete remote control over compromised […]

The post MuddyWater Hackers Using UDPGangster Backdoor to Attack Windows Systems Evading Network Defenses appeared first on Cyber Security News.

Cloudflare’s global network suffered a brief but widespread disruption this morning, lasting approximately 25 minutes, due to an internal change in its Web Application Firewall (WAF) designed to counter a critical vulnerability in React Server Components. The incident, which began around 8:47 GMT, affected the Cloudflare Dashboard, APIs, and proxied services, causing 500 Internal Server […]

The post Cloudflare Outage Traced to Emergency React2Shell Patch Deployment appeared first on Cyber Security News.

A persistent privilege escalation technique in AWS that allows attackers with limited permissions to execute code under higher-privileged execution roles on EC2 instances and SageMaker notebook instances. First documented by Grzelak in 2016 for EC2, the method exploits modifiable boot-time configurations to inject malicious payloads, bypassing standard IAM controls like PassRole. Recent analysis from Security […]

The post AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2 appeared first on Cyber Security News.

A new Remote Access Trojan known as CastleRAT has emerged as a growing threat to Windows systems worldwide. First observed around March 2025, this malware enables attackers to gain complete remote control over compromised machines. The threat comes in two main builds: a lightweight Python version and a more powerful compiled C version, with the […]

The post Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access appeared first on Cyber Security News.

Russian threat actors are running a new wave of phishing campaigns that spoof major European security events to quietly steal cloud credentials. Invitations that look legitimate, often tied to conferences such as the Belgrade Security Conference or the Brussels Indo-Pacific Dialogue, direct targets to polished registration sites that mimic real organizers. Behind this professional surface, […]

The post Russian Hackers Spoof European Events in Targeted Phishing Attacks appeared first on Cyber Security News.

A critical security vulnerability in Apache Tika has been discovered that allows attackers to compromise systems by uploading specially crafted PDF files. Organizations worldwide are urged to patch immediately. Apache Tika is a popular open-source toolkit used by thousands of organizations to extract text and metadata from documents, including PDFs, Word files, and images. Apache […]

The post Critical Apache Tika Core Vulnerability Exploited by Uploading Malicious PDF appeared first on Cyber Security News.

Russian-backed threat actors continue their sophisticated cyber espionage operations against Western institutions through advanced phishing tactics. Calisto, a Russia-nexus intrusion set attributed to the Russian FSB’s Center 18 for Information Security (military unit 64829), has emerged as a persistent threat targeting NATO research entities and strategic organizations. The group has expanded its attack scope to […]

The post Russian Calisto Hackers Target NATO Research Sectors with ClickFix Malicious Code appeared first on Cyber Security News.

A new sophisticated threat actor has emerged in the cybersecurity landscape, targeting critical infrastructure across the United States. The adversary, operating under the name WARP PANDA, has demonstrated remarkable technical capabilities in infiltrating VMware vCenter environments at legal, technology, and manufacturing organizations. This group’s emergence marks a significant escalation in cloud-based cyberattacks, with particular focus […]

The post China-Nexus Hackers Exploiting VMware vCenter Environments to Deploy Web Shells and Malware Implants appeared first on Cyber Security News.

Critical security updates have been released to fix two high-severity flaws in the Triton Inference Server that let attackers crash systems remotely from NVIDIA. Both flaws received a CVSS score of 7.5, indicating they are high-priority threats requiring immediate patching. The first vulnerability (CVE-2025-33211) involves improper validation of input quantity. An attacker can exploit this […]

The post NVIDIA Triton Vulnerability Let Attackers Trigger DoS Attack Using Malicious Payload appeared first on Cyber Security News.

Attackers are actively exploiting a serious vulnerability in Array Networks’ ArrayOS AG series to gain unauthorized access to enterprise networks. The flaw exists in the DesktopDirect function, a feature designed to provide remote desktop access to administrators. Security researchers have discovered that this command injection vulnerability allows attackers to execute arbitrary commands on affected systems […]

The post Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells appeared first on Cyber Security News.

A major disruption swept across the internet today as Cloudflare, a critical backbone for millions of websites, reported widespread issues with its Dashboard and APIs, triggering 500 Internal Server Errors for users globally. The outage, confirmed by Cloudflare’s status page, began around 08:56 UTC and impacted management tools, automations, and integrations reliant on these services. […]

The post Cloudflare Outage Hits Internet with 500 Internal Server Error appeared first on Cyber Security News.

A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow attackers to gain near-complete control over infected devices. The spyware demonstrates sophisticated techniques to steal […]

The post ClayRat Android Malware Steals SMS Messages, Call Logs and Capture Victim Photos appeared first on Cyber Security News.

A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms. What makes this attack unique is that the user’s funds remained visible […]

The post Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer appeared first on Cyber Security News.

A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the SNMP device configuration functionality. The vulnerability resides in the device […]

The post Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.