RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

Thousands of servers exposed as MongoBleed vulnerability exploited

In its writeup, BleepingComputer confirms that there are roughly 87,000 potentially vulnerable instances exposed on the ...
ET CIO

Top 7 Penetration Testing Tools for Enterprises in 2025

Discover the top seven penetration testing tools essential for enterprises in 2025 to enhance security, reduce risks, and ensure compliance in an evolving cyber landscape. Learn about their core ...
TechCrunch

Google launches managed MCP servers that let AI agents simply plug into its tools

AI agents are being sold as the solution for planning trips, answering business questions, and solving problems of all kinds, but getting them to work with tools and data outside their chat interfaces ...
Infosecurity-magazine.com

React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Security researchers at Sysdig have observed new campaigns exploiting React2Shell which appear to have the hallmarks of North Korean hackers. React2Shell is a remote code execution vulnerability in ...
The New York Times

A Swath of Bank Customer Data Was Hacked. The F.B.I. Is Investigating.

SitusAMC, a technology vendor for real estate lenders, holds sensitive personal information on the clients of hundreds of its banking customers, including JPMorgan Chase. By Rob Copeland Stacy Cowley ...
CNN

Wall Street banks scramble to assess fallout from hack of real-estate data firm

Hackers stole a trove of data from a company used by major Wall Street banks for real-estate loans and mortgages, setting off a scramble to determine what was taken and which banks were affected, ...
CoinTelegraph

Balancer exploit swells to $116M in outflows as team offers 20% bounty

Update Nov. 3, 10:42 am UTC: This article has been updated to include a section on Berachain’s emergency hard fork. Update Nov. 3, 9:47 am UTC: This article has been updated to add the latest figures, ...
Forbes

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Admit it: the first thing you think of when ransomware is ...
ExtremeTech

Microsoft Rolls Out Emergency Windows Server Update Following WSUS Exploits

Microsoft has released an emergency out-of-band security update for Windows Server to address a probable remote code execution vulnerability tracked as CVE-2025-59287. The issue affects the Windows ...
Hosted on MSN

Everybody's warning about critical Windows Server WSUS bug exploits ... but Microsoft's mum

Governments and private security sleuths warned that attackers are already exploiting a critical bug in Microsoft Windows Server Update Services, shortly after ...
Infosecurity-magazine.com

Threat Actors Ramp Up Public App Exploits as ToolShell Gains Traction

The ToolShell exploit, affecting on-premises Microsoft SharePoint servers, has driven a rise in threat actors exploiting public-facing applications for initial access. In the last quarter, this tactic ...