Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a “500 Internal Server Error” message. The internet infrastructure company has now blamed the incident on the rollout of emergency mitigations designed to address a critical remote code execution vulnerability in React Server Components, which is now actively exploited […]
American pharmaceutical firm Inotiv is notifying thousands of people that they’re personal information was stolen in an August 2025 ransomware attack. Inotiv is an Indiana-based contract research organization specializing in drug development, discovery, and safety assessment, as well as live-animal research modeling. The company has about 2,000 employees and an annual revenue exceeding $500 million. When […]
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. React2Shell is an insecure deserialization vulnerability in the React Server Components (RSC) ‘Flight’ protocol. Exploiting it does not require authentication and allows remote execution of JavaScript code in the server’s context. For the Next.js framework, […]
Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare has confirmed that it’s investigating the reports. Cloudflare, a service that many websites use to stay fast and secure, is currently facing problems. Because of this, people visiting some websites are seeing a â500 Internal Server Errorâ message instead of the […]
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security update, but has not assigned an identifier, complicating efforts to track the flaw and patch management. An advisory from Japan’s Computer Emergency and Response Team (CERT) warns […]
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed âAladdin,â which compromised specific targets by simply viewing a malicious advertisement. This powerful and previously unknown infection vector is meticulously hidden behind shell companies spread across multiple countries, now uncovered in a new joint investigation by Inside Story, Haaretz, and WAV Research Collective. […]
Russian telecommunications watchdog Roskomnadzor has blocked access to Apple’s FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they’re being used to coordinate terrorist attacks. Roskomnadzor said that the two platforms are also being used to recruit criminals and to commit fraud and various other crimes targeting Russian citizens. “According to law enforcement […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. In a joint malware analysis report with the National Security Agency (NSA) and Canada’s Cyber Security Centre, CISA says it analyzed eight Brickstorm malware samples. These samples were discovered on networks belonging to victim organizations, where […]
U.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs as federal contractors. Twin brothers Muneeb and Sohaib Akhter, both 34, were also sentenced to several years in prison in June 2015, after pleading guilty to accessing U.S. State Department systems without […]
A maximum severity vulnerability, dubbed ‘React2Shell’, in the React Server Components (RSC) ‘Flight’ protocol allows remote code execution without authentication in React and Next.js applications. The security issue stems from insecure deserialization. It received a severity score of 10/10 and has been assigned the identifiers CVE-2025-55182 for React and CVE-2025-66478 (CVE rejected in the National Vulnerability Database) for Next.js. Security researcher Lachlan Davidson discovered […]
