Infosecurity-magazine.com

Log4Shell Downloaded 40 Million Times in 2025

Tens of millions of downloads of the popular Java logging library Log4j this year were vulnerable to a CVSS 10.0-rated vulnerability that first surfaced four years ago, according to Sonatype. The ...
CSO Online

Webrat turns GitHub PoCs into a malware trap

The known RAT aimed at gamers is now targeting security professionals searching GitHub for PoCs and exploit codes.
The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
The Hacker News

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and ...

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the ...
Security Boulevard

Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats

The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and ...