Latest Internet & Cybersecurity News

📅 December 27, 2025 at 1:00 PM
December 2025 ends with critical zero-day vulnerabilities, ransomware surges, nation-state hacks, and major arrests in global cybercrime operations.
1. React2Shell Zero-Day RCE in React Server Components (CVE-2025-55182)

Unauthenticated attackers can execute arbitrary code on vulnerable React Server Components servers, a CVSS 10.0 flaw actively exploited in phishing campaigns. It serves as a common entry point for broader enterprise attacks, often chained with privilege escalation. Security teams are urged to apply patches and strengthen email controls. (Source 1)

2. FortiGate Authentication Bypass Vulnerabilities (CVE-2025-59718, CVE-2025-59719)

Critical flaws in FortiGate appliances allow authentication bypass, with malicious SSO login attempts observed by Arctic Wolf. Attackers target VPN and SSO configurations; mitigation includes patching, hardening perimeter systems, and enforcing least privilege. (Source 1)

3. Chinese Hacking Group Breaches UK Foreign Office

The suspected Storm-1849 group, linked to the ArcaneDoor campaign, breached the UK Foreign Office in October using Cisco zero-days targeting government networks. Cisco had warned of ongoing activity in September. This highlights persistent nation-state threats to diplomatic entities. (Source 2)

4. Ransomware Attack Hits Romania's Water Management Authority

Attackers compromised ~1,000 systems across 10 of 11 river basin organizations starting December 20, using Windows BitLocker to lock files and demand ransom. Operational capabilities were unaffected per authorities. Victims were instructed to make contact within 7 days. (Source 2)

5. Interpol's Operation Sentinel Arrests 500+ in Cybercrime Bust

The operation across 19 countries recovered $3M, took down 6,000 malicious links, and decrypted six ransomware variants linked to BEC, extortion, and ransomware. Over 500 suspects were arrested in the month-long initiative, demonstrating global law enforcement coordination. (Source 2)

6. Iranian APT Prince of Persia Resurfaces After 5 Years

The Infy group targets the Middle East, Europe, India, and Canada with an updated Foudre downloader and Tonnerre implant for data exfiltration. The campaign uses executables embedded in documents, DGA-based C2, and RSA validation, showing evolution in attack chains. (Source 3)

7. Qilin, DragonForce, LockBit Form Ransomware Alliance

Announced in September amid police pressure and group dismantlements; ransomware claims are up 61% YoY with less concentration. Qilin leads with 13% of claims, DragonForce grows moderately, and LockBit has been inactive since June. Reflects ecosystem fragmentation. (Source 3)

8. Operation PCPcat Compromises 59,000+ Next.js Servers

A credential theft campaign exploits CVE-2025-29927 and CVE-2025-66478 for RCE, stealing credentials globally in a highly sophisticated mass compromise of Next.js servers. Urgent patching is recommended for vulnerable instances. (Source 3)

9. Microsoft 365 Accounts Compromised via OAuth Device Code Phishing

Multiple actors abuse device code authorization for account takeovers without passwords, using social engineering. Activity is linked to tracked clusters with documented victims. Detection focuses on identity anomalies and unusual access. (Source 2, Source 5)

10. HPE OneView Maximum-Severity RCE Vulnerability (CVE-2025-37164)

Unauthenticated RCE in the centralized management platform for servers, storage, and networking; patched by HPE. Compromise risks control over downstream infrastructure, making it high-impact due to management-plane exposure. (Source 5)

11. French Interior Ministry Email Services Cyberattack Confirmed

The incident enables account takeover, phishing, and data theft and is under active investigation. The pattern has been seen in government breaches leading to BEC and SaaS attacks, highlighting email as a repeatable intrusion vector. (Source 5)

12. Nigerian Arrests in Raccoon0365 Microsoft 365 Phishing

Three individuals linked to targeted M365 cyberattacks via the Raccoon0365 platform were arrested, as part of broader enforcement against phishing operations. This underscores the platform's role in account compromises. (Source 2)