SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
The Hacker News

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

New Password Stealer Bypasses 2FA—Chrome, Edge And Firefox Targeted

This new Storm attack platform can exfiltrate passwords and session data, enabling 2FA bypass. Google Chrome, Microsoft Edge ...

The Memory Inversion: Exploiting Micron's Algorithmic AI Valuation Fracture

Wall Street's mispricing of its AI infrastructure transition. MU's shift to 5-year Strategic Customer Agreements and HBM4 ...
CSO Online

Security lapse lets researchers see React2Shell hackers’ dashboard

The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
Security Boulevard

46 Vulnerability Statistics 2026: Key Trends in Discovery, Exploitation, and Risk

Vulnerability attacks rose 56% in 2025. Explore 46 statistics on CVE disclosure, exploitation patterns, and industry impact to guide your 2026 security strategy. The post 46 Vulnerability Statistics ...

Android Alert: 50 Google Play Apps Linked to ‘NoVoice’ Malware Reached 2.3M Downloads

NoVoice malware was found in 50 Android apps on Google Play, with 2.3 million downloads, by bypassing detection and targeting ...

Telegram: Controversy over critical or high-risk security vulnerability

IT researchers have identified a supposedly critical zero-click vulnerability in Telegram. Telegram disputes this.
Dark Reading

Storm Brews Over Critical, No-Click Telegram Flaw

The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but ...
Infosecurity Magazine

ChatGPT Security Issue Enabled Data Theft via Single Prompt

A security vulnerability in ChatGPT executed with a single malicious prompt could be exploited to covertly exfiltrate ...