The React 19 library for building application interfaces was hit with a remote code execution vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture gradually unravels. The vulnerability enables unauthenticated remote code execution through React Server Components, allowing attackers to execute arbitrary code on affected servers via a crafted request. In other words, a foundational web framework feature quietly became an initial access vector.
At the recent RSA Conference - an annual IT security event, held this year in San Francisco - the expo floor was brimming with security vendors, partners and information security executives looking to advance their security posture and operations. The many different perceived security challenges, solutions, products and services show just how dynamic - and perhaps volatile - this industry can really be.
While the fraudulent advertisements appeared to send users to the websites of legitimate banks, victims were in fact redirected to fake bank websites controlled by the criminals. When victims entered their login credentials to access their bank accounts, the criminals harvested those credentials through a malicious software program embedded in the fake website. The criminals then used those bank credentials on the corresponding legitimate bank websites to access victims' bank accounts and drain their funds.
In this case, the victim is one of the digital advertising screens so beloved of public spaces these days. Rather than having a human paste up posters regularly, these things allow seamless content updates to delight passing travelers until, of course, the bork fairy pays a visit. This example of the fairy's evil work can be found at one of the station's entrances and is both an example of an unhappy update and the infamous Progress Bar of Lies.
Notably, for the seven years since her arrest, Ms. Mangi has complied with her conditions of release. She is 70 years old and has lived at the same address for the past 28 years,
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to update to version 2.69 as soon as possible.
Once again, threat actors kept cyber pros on their toes in 2025 in a never-ending cat-and-mouse game. But amid the noise, there were some notable stories and incidents affecting household names in the UK - the likes of Marks & Spencer, Co-op, and Jaguar Land Rover - meaning that 2025 will undoubtedly live long in the memory. Here are Computer Weekly's top cyber crime stories of 2025.
The Cybersecurity and Infrastructure Security Agency (CISA) published a guide detailing venue security and disruption management. In this guide, venue owners and operators can review fundamental strategies to mitigate repercussions of possible disruptions to the critical lifeline sectors of: Communications; Energy; Transportation; and Water and Wastewater Systems. While this guide serves as a broad catalog for support, it is not comprehensive. Security leaders in the event security space are encouraged to leverage the provided resources and consider them in the context of their venue's unique needs.
Investors are concerned with future stock performance over the next one, five, or 10 years. While most Wall Street analysts will calculate 12-month forward projections, it is clear that nobody has a consistent crystal ball, and plenty of unforeseen circumstances can render even near-term projections irrelevant. 24/7 Wall St. aims to present some further-looking insights based on CrowdStrike's own numbers, along with business and market development information that may be of help with your own research.
Robust IT systems support uninterrupted operations through resilience, security, and proactive monitoring. CIOs report that 87% of digital-first businesses rely on automated failover systems to reduce service disruption. Continuous monitoring helps detect failures before they impact users. Recovery plans activate system redundancies and restore functions with minimal input. Automated backup schedules and patch management prevent gaps in continuity. IT managers emphasise the role of configuration management and centralised monitoring tools.
The biggest event of 2025 in the PC market has been the end of support for Windows 10. It was positioned as the last major release of the Windows operating system, which would be kept updated by over-the-air Windows updates. But when Windows 11 was launched in 2021, Microsoft set the date for the end of support for Windows 10 - October 5, 2025.
Cybercriminals stole $2.7 billion in crypto this year, a new record for crypto-stealing hacks, according to blockchain monitoring firms. Once again, in 2025, there were dozens of crypto heists hitting several cryptocurrency exchanges and other web3 and decentralized finance (DeFi) projects. The biggest hack by far was the breach at Dubai-based crypto exchange Bybit, where hackers stole around $1.4 billion in crypto.
When black markets for drugs, guns, and all manner of contraband first sprang up on the dark web more than a decade ago, it seemed that cryptocurrency and the technical sophistication of the anonymity software Tor were the keys to carrying out billions of dollars worth of untouchable, illicit transactions online. Now, all of that looks a bit passé. In 2025, all it takes to get away with tens of billions of dollars in black-market crypto deals is a messaging platform willing to host scammers and human traffickers, enough persistence to relaunch channels and accounts on that service when they're occasionally banned, and fluency in Chinese.
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most - firewalls, browser add-ons, and even smart TVs - turning small cracks into serious breaches. The real danger now isn't just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can become an entry point if it's left unpatched or overlooked.
In addition to working as advertised, the secret-stealing library, which is a fork of the legitimate @whiskeysockets/baileys package, uses WebSocket to communicate with WhatsApp. However, this means that every WhatsApp communication passes through the socket wrapper, allowing it to capture your credentials when you log in and intercept messages as they are sent and received. "All your WhatsApp authentication tokens, every message sent or received, complete contact lists, media files - everything that passes through the API gets duplicated and prepared for exfiltration," Admoni wrote.
"Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deploy droppers disguised as legitimate applications. The dropper looks harmless on the surface but contains a built-in malicious payload, which is deployed locally after installation - even without an active internet connection."
Let's be honest: most agencies don't have a blank check to invest in cybersecurity modernization. But that doesn't mean they're stuck. You don't need a full rip-and-replace to make meaningful progress; you need clarity, urgency and smart prioritization. Whether you're working with a full budget or a shoestring one, there are moves you can make today that will strengthen your defenses tomorrow.
SailPoint has announced new integrations with the CrowdStrike Falcon platform to connect identity governance with endpoint security. The integrations enable shared data and automated workflows between identity and security systems to help organisations respond faster to identity-based threats. The integrations connect SailPoint's Identity Security Cloud with multiple Falcon platform components, including Falcon Next-Gen Identity Security, Falcon Next-Gen SIEM, and Falcon Fusion SOAR, now part of CrowdStrike Charlotte AI.
But what would happen if such a technology were to land in the hands of terrorists and criminals, who aren't beholden to the norms of modern warfare at all? In a new report, pan-European police agency Europol's Innovation Lab has imagined a not-so-distant future in which criminals could hijack autonomous vehicles, drones, and humanoid robots to sow chaos - and how law enforcement will have to step up as a result.
Traditional password-based protection is no longer sufficient, prompting organizations to adopt behavioral access control systems that continuously analyze user actions for anomalies. These platforms monitor keystrokes, mouse activity, application usage, and network patterns to detect suspicious behavior in real time. By combining machine learning, biometric verification, and zero-trust principles, companies enhance workforce protection while minimizing the risk of account compromise.
UEFI and IOMMU are designed to enforce a security foundation and prevent peripherals from performing unauthorized memory accesses, effectively ensuring that DMA-capable devices cannot manipulate or inspect system memory before the operating system is loaded. The vulnerability, discovered by Nick Peterson and Mohamed Al-Sharifi of Riot Games in certain UEFI implementations, has to do with a discrepancy in the DMA protection status. While the firmware indicates that DMA protection is active, it fails to configure and enable the IOMMU during the critical boot phase.
Even incidents like the Colonial Pipeline ransomware attack, which showed us how the cyber world and our physical lives intersect, stopped far short of societal disruption. However, the threat of cyberwar has been building, influenced by advancements in AI and increased presence of actors in U.S. systems and telecommunication networks. A military conflict could escalate these attacks to scale, crippling critical infrastructure and public safety systems like power grids, transportation networks and emergency response, even disrupting military communications and undermining response.