React.js Hit by Maximum-Severity 'React2Shell' Vulnerability
A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations
Information Security Magazine
China-Linked Warp Panda Targets North American Firms in Espionage Campaign
2 days 2 hours ago
CrowdStrike warned that Warp Panda, a China-linked cyber-espionage group, is targeting US organizations to steal sensitive data and support Beijing’s strategic interests
Louvre to Bolster Its Security, Issues €57m Public Tender
2 days 4 hours ago
The French museum is planning to revamp its safety and security systems following a high-profile burglary in October
Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified
2 days 7 hours ago
Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors
CISA and International Partners Issue Guidance for Secure AI in Infrastructure
3 days ago
Cybersecurity agencies have issued guidance for securely integrating AI into OT systems
Cyber Agencies Push for Digital Trust Amid AI Era with New Provenance Report
3 days 1 hour ago
UK’s NCSC and Canada’s CCCS release a joint report on content provenance, urging organizations to strengthen digital trust and combat AI-driven misinformation
New GhostFrame Phishing Framework Hits Over One Million Attacks
3 days 2 hours ago
The GhostFrame phishing framework, using stealthy iframes, was linked to over 1 million attacks
Skills Shortages Trump Headcount as Critical Cyber Challenge
3 days 5 hours ago
ISC2 report reveals 59% of global organizations have critical or significant skills shortages
Post Office Escapes £1m Fine After Postmaster Data Breach
3 days 7 hours ago
The Information Commissioner’s Office has chosen only to reprimand the Post Office after a 2024 breach
French NGO Reporters Without Borders Targeted by Star Blizzard
4 days ago
A fresh wave of spear-phishing linked to the Russia-based Star Blizzard group has been detected by Sekoia
UK's Cyber Service for Telcos Blocks One Billion Malicious Site Attempts
4 days ago
A new cyber defense service has prevented almost one billion early-stage cyber-attacks in the past year, British Security Minister claims
Yearn Finance yETH Pool Hit by $9M Exploit
4 days 1 hour ago
A critical vulnerability in Yearn Finance's yETH pool allowed an attacker to steal around $9m
UK Ransomware Payment Ban to Come with Exemptions, Security Minster Say
4 days 3 hours ago
The UK government’s proposed ransomware payment ban for public sector and critical infrastructure will come with national security exemptions
Disinformation and Cyber-Threats Among Top Global Exec Concerns
4 days 5 hours ago
A new WEF report reveals that AI-powered threats like disinformation are among executives’ biggest concerns
Pall Mall Process to Define Responsible Commercial Cyber Intrusion
4 days 6 hours ago
The Pall Mall Process begins outreach to define guidelines for private commercial intrusion industry
Critical PickleScan Vulnerabilities Expose AI Model Supply Chains
5 days ago
3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks
ShadyPanda's Seven-Year Campaign Infects 4.3M Chrome and Edge Users
5 days 1 hour ago
Infected 4.3 million Chrome and Edge users via extensions; ShadyPanda exploited browser marketplaces
Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild
5 days 5 hours ago
Google said it found indications that two newly identified vulnerabilities affecting Android “may be under limited, targeted exploitation”
ICO Set to Check If Mobile Games Comply with Children’s Code
5 days 6 hours ago
The UK Information Commissioner’s Office has launched an investigation into the mobile gaming sector
Most Companies Fear State-Sponsored Cyber-Attacks and Want More Government Help
5 days 7 hours ago
New IO study claims 88% of US and UK firms are concerned about state-sponsored cyber-attacks
Checked
50 minutes 14 seconds ago