Latest Internet & Cybersecurity News
Critical React server‑side RCE 'React2Shell' (CVE‑2025‑55182) exploited in active campaigns
A critical server‑side RCE in React Server Components, tracked as CVE‑2025‑55182 (also linked to duplicate CVE‑2025‑66478), allows unauthenticated remote code execution and has been actively exploited to deploy miners, backdoors and tunnelling tools; vendors urge immediate patching and scanning of exposed RSC/Next.js deployments.
Google links China‑nexus espionage clusters to React2Shell exploitation
Google observed multiple China‑nexus clusters (e.g., UNC6600, UNC6586) exploiting React2Shell to deliver tooling such as MINOCAT (FRP tunneler), SNOWLIGHT downloader and various backdoors, underscoring rapid weaponization of the flaw across industries.
Massive data breach: 700Credit exposes 5.8 million individuals' personal data
Threat actors stole names, addresses, dates of birth and Social Security numbers for about 5.8 million people from 700Credit's systems, highlighting ongoing risk to consumer‑reporting pipelines and downstream identity fraud.
Minteye ransomware claims 1.9 TB exfiltration from David M. Schwarz Architects
Ransomware group Minteye published a claim that it exfiltrated roughly 1.9 TB of data from architecture firm David M. Schwarz Architects, threatening publication and prompting incident response and compromise assessments.
Wavenet breached by 'Worldleaks' — potential class action and consumer risk
Wavenet reported a breach attributed to the Worldleaks group on December 14, 2025, triggering class‑action notices and recommendations for exposed customers to monitor credentials and take protective measures.
WinRAR zero‑day, Apple 0‑days and other active exploits top weekly threat recap
A recent weekly security roundup documents multiple high‑profile zero‑days — including Apple and WinRAR issues — alongside credential theft campaigns and supply‑chain intrusions, advising rapid patching and incident hunting.
Pro‑Russia hacktivists escalate attacks on critical infrastructure globally, CISA warns
CISA issued advisories linking pro‑Russia hacktivist operations to disruptive attacks against infrastructure, providing mitigation guidance to operators of critical systems to reduce exposure.
700Credit breach fuels renewed calls for stricter data‑broker controls and remediation
The scale and sensitivity of the 700Credit breach has driven regulatory and industry discussion about tighter controls on consumer data brokers and faster breach notification and remediation practices.
2025 marks acceleration of AI in both defensive and offensive cyber operations
Analysts report 2025 as the year cybersecurity 'crossed the AI Rubicon,' with widespread deployment of AI for automated defense and adversaries using AI to scale phishing, vulnerability discovery, and malware generation.
Gentlemen ransomware emerges as a new corporate threat group
Security researchers have identified 'Gentlemen' ransomware variants targeting corporate networks; initial reporting warns on extortion and data‑leak double extortion tactics and recommends hardening backups and network segmentation.
U.S. prosecution of foreign nationals for infrastructure cyberattacks continues
Recent reporting notes continued criminal charges against foreign nationals accused of cyberattacks on critical infrastructure, reflecting sustained international law‑enforcement focus on state‑linked and criminal operators.
Regional focus: GCC cybersecurity trends from SANS threat landscape review
A regional SANS review highlights evolving threats in the Gulf Cooperation Council (GCC), including targeted espionage, OT risk and the need for improved threat detection and workforce skills in 2025.