React2Shell used as initial access vector for Weaxor ransomware deployment

React2Shell used as initial access vector for Weaxor ransomware deployment

S-RM has responded to an incident where a threat actor used the recently disclosed critical vulnerability known as React2Shell (CVE-2025-55182) to ...

US seizes E-Note crypto exchange

 

A suspected Chinese APT is exploiting a new Cisco zero-day -impacts Cisco Secure Email Gateway And Cisco Secure Email and Web Manager -CVE-2025-20393 -CVSS score: 10 -APT is UAT-9686

Cisco Talos Blog

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appli...

-Most smart devices run outdated web browsers -Ukraine hacks major Russian defense contractor -Ransomware hits Venezuela's oil company -Hackers are trying to extort PornHub with stolen user data -SoundCloud has a data breach -Ribbon Finance hacked for $2.7m -Prosper data breach exposes 17.6m users -Iranian hackers put out bounties on Israelis -Russian hackers breach Dutch public fountain (yes, you read it right) Podcast:

Risky Bulletin: Most smart devices run outdated web browsers - Risky Business Media

Most smart devices run outdated web browsers, Ukrainian hacktivists breach a major Russian defense contractor, ransomware hits Venezuela

Newsletter:

Risky.Biz

Risky Bulletin: Most smart devices run outdated web browsers

In other news: Ukraine hacks major Russian defense contractor; ransomware hits Venezuela's oil company; hackers are trying to extort PornHub with s...

Microsoft is deprecating the old RC4 cipher from Kerberos authentication

Beyond RC4 for Windows authentication

As organizations face an evolving threat landscape, strengthening Windows authentication is more critical than ever.

A Chrome extensions has been caught stealing prompts that users entered into AI chatbots

8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions

Privacy browser extensions misled users and sold 8 million AI chat logs, exposing sensitive conversations for profit without consent.

Serbian police have detained two Chinese nationals for driving around with an SMS blaster device in their car. The duo allegedly sent SMS phishing messages that lured locals to phishing sites and collect payment card details. Collected card data was later abused overseas.

Ухапшени држављани Кине због спречавања приступа јавној рачунарској мрежи и фалсификовања и злоупотребе платних картица

МУП

Malicious videos leading users to malware-laced files have made their way on Russia's RuTube, its in-house YouTube clone

RuTube Videos Share Malware Disguised as Roblox Cheat Tools

In videos showcasing Roblox cheat tools on RuTube, viewers are directed to download files that sneak malware onto their devices.

"Microsoft Scales Back AI Goals Because Almost Nobody Is Using Copilot" :thinkerguns:

ExtremeTech

Microsoft Scales Back AI Goals Because Almost Nobody Is Using Copilot

Google's Gemini is on pace to push Copilot into third place.

Threat actors are tricking WhatsApp users into linking the attacker's device to their accounts in a new attack technique named GhostPairing

GhostPairing Attacks: from phone number to full access in WhatsApp

When “verification codes” quietly hijack your account