Security researchers at Sysdig have observed new campaigns exploiting React2Shell which appear to have the hallmarks of North Korean hackers. React2Shell is a remote code execution vulnerability in React Server Components (RSCs). Tracked as CVE-2025-55182, the flaw has a maximum… Read More "React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics"
With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where… Read More "Mitigating prompt injection attacks with a layered defense strategy"
Microsoft patched an actively exploited zero-day vulnerability as part of its monthly security update cycle yesterday. CVE-2025-62221 is an elevation of privilege (EoP) bug in the Windows Cloud Files Mini Filter Driver, which enables a low-privileged user to achieve system-level… Read More "Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025"
The Department of Homeland Security is moving to consolidate its face recognition and other biometric technologies into a single system capable of comparing faces, fingerprints, iris scans, and other identifiers collected across its enforcement agencies, according to records reviewed by… Read More "DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies"
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and… Read More "Advancing Protection in Chrome on Android"
Ravie LakshmananFeb 20, 2026Cybercrime / Law Enforcement A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr “Alexander”… Read More "Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case"
Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod. 16 Oct 2025 • , 5 min. read Gaming is one of the defining pastimes of the digital age, and… Read More "When ‘hacking’ your game becomes a security risk"
A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. Moltbook was vibe coded by its creator, Matt Schlicht, as a place for… Read More "Vibe-Coded Moltbook Exposes User Data, API Keys and More"
A PDF that Department of Homeland Security officials provided to New Hampshire governor Kelly Ayotte’s office about a new effort to build “mega” detention and processing centers across the United States contains embedded comments and metadata identifying the people who… Read More "Metadata Exposes Authors of ICE’s ‘Mega’ Detention Center Plans"
Today we’re excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid… Read More "Open Source, Rebuilt to Last"
