‘ShadyPanda’ Hackers Weaponize Millions of Browsers – Dark Reading
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. – Read More
Cyber
Critical React Flaw Triggers Calls for Immediate Action – Dark Reading
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. – Read More
Arizona AG Sues Temu Over ‘Stealing’ User Data – Dark Reading
The suit alleges the Chinese retailer’s app secretly accesses and harvests users’ sensitive information without their knowledge or consent. – Read More
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution – The Hacker News
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS…
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation – The Hacker News
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS…
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts – The Hacker News
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a…
Hybrid 2FA phishing kits are making attacks harder to detect – CSO Online
Some 2FA-phishing attacks are becoming significantly harder to spot as threat actors blend two previously distinct phishing-as-a-service (PhaaS) kits: Salty2FA and Tycoon2FA, into a single hybrid strain. Researchers at Any.Run…
[Dark Reading Virtual Event] Cybersecurity Outlook 2026 – Dark Reading
Post Content – Read More
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud – The Hacker News
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate…
Get poetic in prompts and AI will break its guardrails – CSO Online
Poetry can be a perplexing art form for humans to decipher at times, and apparently AI is being tripped up by it too. Researchers from Icaro Lab (part of the…
The Ransomware Holiday Bind: Burnout or Be Vulnerable – Dark Reading
Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag. – Read More
Neue bösartige Browser-Erweiterungen entdeckt – CSO Online
Cyberangreifer nutzen Chrome- und Edge-Add-ons zur Datenerfassung, Suchmanipulation und als Backdoor. Ascannio – shutterstock.com Forscher des Security-Anbieters Koi haben eine Cyberbande namens „ShadyPanda“ dabei ertappt, wie sie vertrauenswürdige Browser-Erweiterungen für…
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar – The Hacker News
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a distant country? Those days are over. Today, a 16-year-old with zero…
AI Bolsters Python Variant of Brazilian WhatsApp Attacks – Dark Reading
Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app. – Read More
AI, automation, and integration: The foundation for cyber protection in 2026 – CSO Online
Cyber protection grew more complex in 2025 as more threat actors turned to artificial intelligence (AI) to increase their speed, scale, and precision. These autonomous ransomware, phishing, and data exfiltration…