Admins and defenders gird themselves against maximum-severity server vuln

According to Wiz and fellow security firm Aikido, the vulnerability, tracked as CVE-2025-55182, resides in Flight, a protocol ...

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already ...
BankInfoSecurity

Breach Roundup: React Flaw Incites Supply Chain Risk

This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more ...
Cybernews

Despite Microsoft’s secret patch, LNK loophole remains viable for hackers to deliver malware

Microsoft has released a patch for link (LNK) files. However, it does not stop hackers from abusing them to deliver malware.
InfoWorld

Contagious Interview attackers go ‘full stack’ to fool you

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...

Americans eye Thanksgiving travel weather after Texas tornadoes, snow and rain elsewhere

Some suburban Houston residents are dealing with cleanup following at least two tornadoes as heavy rain falls around the ...