A hacking campaign has been targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025. The attack is significant due to its scale, involving over 7,000 IP addresses linked to a German hosting provider, indicating a coordinated effort that poses a serious threat to the security of affected systems.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
Over 30 security vulnerabilities have been identified in AI-powered Integrated Development Environments (IDEs), collectively termed IDEsaster. These vulnerabilities combine prompt injection techniques with legitimate features, allowing for potential data exfiltration and remote code execution, posing significant risks to developers and organizations using these tools.
This article discusses the cybersecurity risks associated with smart home devices and emphasizes the importance of minimizing entry points to enhance security. It highlights the growing concern over vulnerabilities in smart home technology and the potential for unauthorized access and attacks.
The article discusses a React vulnerability that has reportedly been exploited by attackers, leading to a debate among researchers about the existence of concrete evidence for these attacks. While some researchers claim to have seen proofs of concept demonstrating the exploit, others argue that there is insufficient evidence of actual attacks occurring, complicating the response efforts.
Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.
A new zero-click attack has been identified that targets the Perplexity Comet browser, allowing malicious emails to delete all contents of a user's Google Drive. This technique exploits the automation capabilities of the browser when connected to Gmail and Google Drive, posing a significant risk to users' data security.
The FBI has issued a warning regarding virtual kidnapping scams where criminals manipulate social media images to create fake proof of life photos. This alarming tactic is used to extort money from victims' families, highlighting the need for increased awareness and caution regarding online content.
The Hacker News
A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.
The article highlights that manufacturers are increasingly becoming prime targets for cyberattacks in 2025 due to significant cybersecurity gaps and a shortage of expertise in the sector. This growing threat landscape poses serious risks to operational integrity and data security within manufacturing environments.
A critical vulnerability in the React JavaScript library is currently being targeted by threat actors linked to China, highlighting the urgency for developers to implement patches. The situation underscores the importance of immediate action to secure applications using this library from potential exploitation.
The article discusses a critical vulnerability in React that has been exploited by various threat actors, leading to a significant outage at Cloudflare as they implemented mitigations against the React2Shell exploit. This incident highlights the ongoing risks associated with vulnerabilities in widely used frameworks and the need for timely responses to emerging threats.
BleepingComputer
The European Commission has imposed a €120 million ($140 million) fine on X for failing to meet transparency obligations under the Digital Services Act (DSA). This penalty highlights the regulatory scrutiny on tech companies regarding their compliance with digital transparency standards, emphasizing the importance of accountability in online platforms.
Infosecurity Magazine
CrowdStrike has issued a warning about Warp Panda, a cyber-espionage group linked to China, which is actively targeting North American organizations to steal sensitive data. This campaign aims to advance Beijing's strategic interests, highlighting the ongoing threat posed by state-sponsored cyber activities.
US organizations are being warned about the presence of Chinese malware, specifically BrickStorm, Junction, and GuestConduit, which are being used by the group Warp Panda for long-term persistence in attacks. This poses a significant cybersecurity threat as these malware types can enable attackers to maintain access to compromised systems over extended periods.
BleepingComputer
Cloudflare has reported an outage due to the emergency patching of a critical React remote code execution vulnerability that is currently being exploited in attacks. This incident highlights the urgency and severity of addressing such vulnerabilities to maintain security and service continuity.