RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

The backdooring of more than 500 e-commerce companies, including a $40 billion multinational company. The source of the ...
CoinDesk

Unleash Protocol hit by $3.9 million exploit with funds routed through Tornado Cash

An attacker seized control of Unleash Protocol’s multisig governance to upgrade contracts and siphon funds, which were later ...

Hacker arrested for KMSAuto malware campaign with 2.8 million downloads

A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
SecurityWeek

Fresh MongoDB Vulnerability Exploited in Attacks

Hackers are exploiting CVE-2025-14847, aka MongoBleed, a MongoDB vulnerability, to leak sensitive information from server ...