A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
BleepingComputer
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote co...
​Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage.
BleepingComputer
Microsoft 365 license check bug blocks desktop app downloads
​Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Mic...
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US.
BleepingComputer
Marquis data breach impacts over 74 US banks, credit unions
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions ac...
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process.
BleepingComputer
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPre...
Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised.
BleepingComputer
French DIY retail giant Leroy Merlin discloses a data breach
Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised.
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers.
BleepingComputer
Freedom Mobile discloses data breach exposing customer data
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account managem...
Roskomnadzor, Russia's telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials.
BleepingComputer
Russia blocks Roblox over distribution of LGBT "propaganda"
Roskomnadzor, Russia's telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distributi...
Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States.
BleepingComputer
Google expands Android scam protection feature to Chase, Cash App in U.S.
Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States.
Microsoft has silently mitigated a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks.
BleepingComputer
Microsoft "mitigates" Windows LNK flaw exploited as zero-day
Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in ze...
In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second.
BleepingComputer
Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack
In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record wi...