Latest Internet & Cybersecurity News

December 20, 2025 at 1:00 AM
Global security alerts: widespread exploitation of React2Shell and SSO/cloud misconfigurations, major nation-state campaigns, AI-driven attack risks, and new federal defenses.
1

Google confirms global exploitation of React2Shell (CVE-2025-55182)

Google says multiple threat actors — including Earth Lamia, Jackpot Panda and at least five China-linked groups — are actively exploiting the React2Shell vulnerability to conduct cyber-espionage and deliver backdoors and miners, raising global risk to web-facing services (Source 1).

2

Amazon disrupts GRU-linked campaign targeting critical cloud infrastructure

Amazon Threat Intelligence reports it disrupted a long-running campaign attributed with high confidence to actors linked to Russia’s GRU that targeted cloud customer infrastructure and perimeter devices, exploiting product flaws and misconfigurations since 2021 (Source 1).

3

CISA adds new Known Exploited Vulnerability after active SSO/cloud attacks

CISA added CVE-2025-59718 to its KEV catalog following confirmed exploitation involving malicious SSO logins and exfiltration of device configurations that could enable follow-on attacks, with remediation deadlines imposed (Source 3).

4

Elastic and CISA launch cloud-based SIEM-as-a-Service for federal agencies

Elastic and CISA announced a cloud-based SIEMaaS to centralize telemetry and strengthen federal agency detection and response capabilities, aiming to reduce fragmentation and improve incident response across U.S. government networks (Source 10).

5

AI-related risks reshape cybersecurity guidance and priorities

Industry reports and the Cloud Security Alliance say security teams are rapidly adopting AI while warning of novel risks — prompt injection, model inversion and multi-modal data leakage — and proposing new AI-specific controls for enterprise data protection (Source 5).

6

Apple fixes zero-day flaws used in 'sophisticated' attacks

Apple released patches addressing zero-day vulnerabilities that were actively exploited in targeted, sophisticated attacks, with vendors urging rapid updates to prevent further compromise (Source 7).

7

Cisco warns of active attacks and urges critical patching

Cisco issued warnings about active exploitation of vulnerabilities in its products and recommended immediate patching and mitigations after observing attacker activity consistent with both espionage and financially motivated campaigns (Source 7).

8

North Korea-linked actors reported largest crypto thefts of 2025

Reporting indicates DPRK-linked groups stole roughly $2.02 billion in 2025 via cryptocurrency thefts and related operations, marking them among the year’s most prolific financially motivated state-aligned cybercrime actors (Source 12).

9

GhostPoster and Arcane Werewolf phishing campaigns target industrial and regional firms

Security firms reported GhostPoster and Arcane Werewolf phishing campaigns — the latter observed against Russian manufacturing — that use credential theft and malicious attachments to gain initial access and move laterally (Source 3, Source 6).

10

Major incidents review highlights ransomware, supply-chain and cloud breaches in 2025

Year-to-date reviews outline a pattern of high-impact incidents in 2025: ransomware strikes, supply-chain compromises, OAuth abuse and shadow AI exposures that have affected governments and large corporations worldwide (Source 2, Source 8).

11

Research convening links AI, terrorism and global security concerns

Experts at a recent conference discussed AI-enabled terrorism, dual-use risks in defense and the need for coordinated research and policy to address how advanced AI amplifies cyber and national-security threats (Source 9).

12

Security vendors document surge in prompt-injection and AI-targeted attacks

Vendors and analysts report rising prompt-injection attacks and AI-targeted exploitation attempts, prompting calls for updated secure-development and model-governance practices to protect data and ML pipelines (Source 5).