A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. Researchers at cloud security company Sysdig believe that the malware aligns with North Korea's tools used in Contagious Interview campaigns. They recovered EtherRAT from a compromised Next.js application just two days after the disclosure of the critical React2Shell vulnerability tracked as CVE-2025-55182.
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for security teams," ReliaQuest said in a report shared with The Hacker News.
Security RX App treats application security as a runtime reality, not a static to-do list. Gone are the days of sifting through thousands of alerts for vulnerabilities in code that is not even in production: Security RX Focus on what matters first: Automatically filter out vulnerabilities in libraries sitting in a repo undeployed, so you can easily fix what's live first.
Researchers at GreyNoise have identified a large-scale, ongoing campaign of login attempts targeting Palo Alto Networks and SonicWall VPN environments. According to the company, this is a coordinated attack in which the same tooling has been used over several months and across varying infrastructure. The campaign came to light after GreyNoise observed a spike on December 2 of more than 7,000 IP addresses attempting to log in to Palo Alto GlobalProtect portals.
In December 2011, the CIA lost control of a stealth drone near the Iranian city of Kashmar, about 140 miles from the Afghanistan border, and it wound up in the regime's possession. On state television, the Iranian military displayed the boomerang-shaped craft like a trophy. Triumphant banners beneath its 30-foot wings said, in Farsi, THE US CAN'T MESS WITH US and WE'LL CRUSH AMERICA UNDERFOOT.
Knight, who has over 25 years of experience in online security, revealed these have likely already begun, and warned people need to be extra vigilant as tensions rise. He admitted America has a huge advantage over Venezuela with its capabilities, and is understood to already be hitting assets like air defenses and security apparatus. But he warned hackers could unleash a wave of phishing links, fake emails and false profiles to impact ordinary Americans.
JFrog today expanded its Software Supply Chain Platform with a new feature called Shadow AI Detection, designed to give enterprises visibility and control over the often-unmanaged AI models and API calls creeping into their development pipelines.
Maintained by Meta, React is an open source resource designed to enable developers to build user interfaces (UIs) for both native and web applications. The vulnerability in question, assigned CVE-2025-55182 and dubbed React2Shell by the cyber community, is a critically-scored pre-authentication RCE flaw in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of React Server Components that exploits a flaw in how they decode payloads sent to React Function Endpoints.
Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS). Rebane demonstrated the technique at BSides Tallinn in October and has now published a summary of her approach. The attack, which has yet to be fully mitigated, relies on the fact that SVG filters can leak information across origins, in violation of the web's same-origin policy.
In a post on its dark web leak site, seen by The Register, Everest said: "Files contain this information and much more: Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files."
In short, while there was no evidence that unsanctioned app use is routine or normalized, it is likely that enough staff are using them to make a serious breach possible at some point. The report concludes that one of the reasons staff have taken to these messaging apps was that they lack convenient alternatives. It recommends developing approved apps to remove this need,
The two companies are presenting five innovations for data resilience, ranging from backup for HPE Morpheus VM Essentials to improved storage efficiency with HPE StoreOnce. Veeam and HPE are focused on simplifying data protection in hybrid cloud environments. Trust, resilience, and availability are key areas of focus. The strengthened collaboration aims to give companies more control over their data, regardless of where it is located.
Researchers at Trend Micro said in March that nearly a thousand malicious .lnk samples dating back to 2017 exploited this weakness across a mix of state-sponsored and cybercriminal campaigns worldwide. "Our analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft," it said at the time.
In 2025, trust became the most exploited surface in modern computing. For decades, cyber security has centered on vulnerabilities, software bugs, misconfigured systems and weak network protections. Recent incidents in cyber security marked a clear turning point, as attackers no longer needed to rely solely on traditional techniques. This shift wasn't subtle. Instead, it emerged across nearly every major incident: supply chain breaches leveraging trusted platforms, credential abuse across federated identity systems,
Aisuru is a relative newcomer to the botnet scene. It was first spotted in 2024, but it has quickly grown into a Mirai-class monster built from hijacked routers, cameras, and other bargain-basement IoT gear. Despite its humble parts, it punches far above its weight, firing off multi-terabit, multibillion-packet-per-second DDoS blasts that make earlier Mirai variants look almost low-key by comparison.
After a torrid 2024, the wider macroeconomic conditions affecting cyber security professionals showed signs of levelling off in 2025, with reports of budget cuts and layoffs to cyber teams dropping slightly this year after surging in the prior period. However, constrained budgets remain a key driver behind the ongoing cyber skills shortage. This is according to the annual Cybersecurity workforce study produced by cyber professional association ISC2, which polled over 16,000 security professionals to produce this year's report.
