As the React2Shell flaw threatens React & Next.js apps, learn how SentinelOne detects, validates, and protects vulnerable workloads.
Proof of life? Or an active social media presence? Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in "virtual kidnapping" and...
A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents,...
A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking. The post...
The vampire squid (Vampyroteuthis infernalis) has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That’s more than twice as large as the biggest squid genomes. It’s...
Who needs JavaScript? Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).…
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the...
Security community needs to rally and share more info faster, one researcher says. Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library,...
Akshaya Asokan reports: The U.K. government is considering amending its three-decade-old hacking law to include a “statutory defense” cover for security researchers, Security Minister Dan Jarvis...
Islam Uddin reports: Japanese authorities have issued an arrest warrant against a teenager suspected of a cyberattack while using artificial intelligence, local media reported on Thursday. The...
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The...
Cybereason is continuing to investigate. Check the Cybereason blog for additional updates. KEY TAKEAWAYS: Critical vulnerability discovered on December 3, 2025 in React that could allow for...
A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted...
A vulnerability in the React Server Components (RSC) implementation has been discovered that could allow for remote code execution. Specifically, it could allow for unauthenticated remote code...
Authorities seize a major crypto mixer, researchers expose DPRK remote identity theft scheme, and critical React2Shell flaw allows RCE.
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects...
The bug, tagged as CVE-2025-55182 and referred to colloquially as React2Shell, was reported to Meta by researcher Lachlan Davidson on November 29 and publicly disclosed on Wednesday, when a fix...
Laptop maker says a vendor breach exposed some phone camera code, but not its own systems. Asus has admitted that a third-party supplier was popped by cybercrims after the Everest ransomware gang...
State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time. Amazon has warned that China-nexus hacking crews began hammering the critical React...
X's paid "blue checkmark" system for verifying users and other aspects of the platform violate the EU's Digital Services Act, the European Commission said in fining the company €120 million ($139 million).
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the...
As seen on Cybernews: The average hacker is not a teen – it’s more likely to be their dad. New data compiled by Orange Cyberdefense, as part of its Security Navigator 2026 threat landscape...
Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment
One of the biggest goals in 2026 for the Space Force’s Program Executive Office for Operational Test and Training Infrastructure (PEO OTTI) is to create the final requirements for its main...
The Pentagon plans to purchase more than 200,000 industry-made drones by 2027 — with forthcoming orders for 30,000 of those unmanned assets to be delivered by July 2026 — via its new Drone...
The National Security Agency recently achieved its goals to shed around 2,000 people from its workforce this year, according to three people familiar with the spy agency’s posture. The people...
When news broke approximately a year ago that Chinese hackers had systemically penetrated at least nine major U.S. communications networks, the level of alarm from policymakers was clear. At a...
During the nearly four years since Russia invaded Ukraine, satellite constellations have been a lifeline for Ukrainian forces, keeping the Internet and the military connected despite ongoing...
A few days ago, CVE-2025-55182 was revealed alongside an excellent write up: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components The disclosure write up is...
Plan would create statutory powers for police use of biometrics, prompting warnings of mass surveillance. The UK government has kicked off plans to ramp up police use of facial recognition,...