ποΈ Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "reactnativecommunitycli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE202511953 aka Metro4Shell on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π UK ICO Launches Investigation into X Over AI Generated Non-Consensual Sexual Imagery π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
UK Data Protection Watchdog has serious concerns over data privacy on Elon Musks social platform.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
π SQL Injection Flaw Affects 40,000 WordPress Sites π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
β€1
π’ Google issues warning over ShinyHunters-branded vishing campaigns π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Related groups are stealing data through voice phishing and fake credential harvesting websites.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Google issues warning over ShinyHunters-branded vishing campaigns
Related groups are stealing data through voice phishing and fake credential harvesting websites
π’ The CVE system isnβt working β what's next? π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
With 2025's funding issues underlining key issues with the CVE system, what should businesses be doing to source intelligence about security vulnerabilities?.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
The CVE system isnβt working β what's next?
With 2025's funding issues underlining key issues with the CVE system, what should businesses be doing to source intelligence about security vulnerabilities?
π¦Ώ Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsoft confirms a Windows bug preventing some PCs from shutting down or hibernating after January 2026 updates. A fix is still pending. The post Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms
Microsoft confirms a Windows bug preventing some PCs from shutting down or hibernating after January 2026 updates. A fix is still pending.
π¦Ώ Chrome Add-On Caught Stealing Amazon Commissions π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links in the background, redirecting commissions without user consent. The post Chrome AddOn Caught Stealing Amazon Commissions appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Chrome Add-On Caught Stealing Amazon Commissions
A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links in the background, redirecting commissions without user consent.
π¦Ώ New Microsoft Update Improves Windows Sign-In Experience π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Windows 11s optional KB5074105 update fixes the missing password icon bug linked to August 29, 2025s KB5064081 and delivers 32 improvements. The post New Microsoft Update Improves Windows SignIn Experience appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
New Microsoft Update Improves Windows Sign-In Experience
Windows 11βs optional KB5074105 update fixes the missing password icon bug linked to August 29, 2025βs KB5064081 and delivers 32 improvements.
ποΈ China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker AmaranthDragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Orchid Security Introduces Continuous Identity Observability for Enterprise Applications ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ The First 90 Seconds: How Early Decisions Shape Incident Response Investigations ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has warned that informationstealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging crossplatform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOStargeted infostealer campaigns using social engineering techniques such as ClickFix since.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code VS Code extensions are published to the opensource repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD to its Known Exploited Vulnerabilities KEV catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE202540551 CVSS score 9.8, is a untrusted data deserialization vulnerability that could pave the way for remote.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Global SystemBC Botnet Found Active Across 10,000 Infected Systems π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Global SystemBC Botnet Found Active Across 10,000 Infected Systems
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure
π New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Technical Markers Reveal Expanding ShadowSyndicate Infrastructure
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops
π AI Drives Doubling of Phishing Attacks in a Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cofense claims AI is making phishing emails more personalized and sophisticated.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI Drives Doubling of Phishing Attacks in a Year
Cofense claims AI is making phishing emails more personalized and sophisticated
π Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Two Critical Flaws Found in n8n AI Workflow Automation Platform
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks
π SolarWinds Web Help Desk Vulnerability Actively Exploited π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
SolarWinds Web Help Desk Vulnerability Actively Exploited
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog
π Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A security researcher found 386 malicious skills published on ClawHub, a skill repository for the popular OpenClaw AI assistant project.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw
A security researcher found 386 malicious βskillsβ published on ClawHub, a skill repository for the popular OpenClaw AI assistant project