Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability allowing unauthenticated remote code execution via file upload ...
SmarterMail patched CVE-2025-52691, a maximum-severity RCE flaw allowing unauthenticated arbitrary file uploads Exploitation ...
RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
Every day has the potential to be a bad day for a CSO. However, the second Tuesday of each month – Patch Tuesday – is almost ...
The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...
11hon MSNOpinion
Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions
Predator has remained available through the Intellexa spyware consortium despite US sanctions imposed in 2024 on ...
The final weeks of 2025 did not arrive quietly. A single software flaw rippled across the internet, healthcare providers disclosed deeply personal data exposures, and millions of everyday devices ...
DarkSpectre refers to three malware campaigns tied to malicious browser extensions, including 'sleeper' extensions that seem legit, but are not.
Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback