Articles tagged "Exploit"

Found 325 articles

Actively Exploited

A recent study has revealed that most parked domains—those that are expired, dormant, or commonly misspelled versions of popular sites—are now being used to host malicious content. These domains are redirecting users to scam sites or distributing malware, creating significant risks for individuals who may unknowingly type in these addresses. This trend highlights the dangers of direct navigation, where users enter URLs manually. As attackers exploit these parked domains, both casual internet users and organizations may find themselves vulnerable to online scams and security breaches. Awareness and caution are essential for users to avoid falling victim to these tactics.

Impact: Parked domains, expired domains, common misspellings of popular websites
Remediation: Users should double-check URLs before visiting, use security software that warns against malicious sites, and avoid entering sensitive information on unfamiliar domains.

Fortinet FortiGate devices are currently under active attack due to two recently disclosed vulnerabilities, CVE-2025-59718 and CVE-2025-59719, which allow for authentication bypass through malicious single sign-on (SSO) logins. Cybersecurity firm Arctic Wolf reported observing these attacks on December 12, 2025, just days after the vulnerabilities were made public. This situation poses significant risks for organizations using FortiGate appliances, as attackers can potentially gain unauthorized access to sensitive systems. Companies using these devices should take immediate action to protect their networks and data from these ongoing intrusions.

Impact: Fortinet FortiGate devices, specifically those vulnerable to CVE-2025-59718 and CVE-2025-59719.
Remediation: Organizations should apply security patches released by Fortinet for the affected FortiGate devices. Additionally, it is advisable to review and strengthen SSO configurations and monitor logs for any unusual login attempts.

Google's threat intelligence team has identified five additional Chinese hacking groups involved in exploiting the React2Shell vulnerability, which allows for remote code execution. This vulnerability is considered highly severe, making it a significant risk for affected systems. The groups are believed to be using this exploit to target various organizations, potentially compromising sensitive data and disrupting operations. The identification of these groups emphasizes the ongoing threat posed by state-sponsored hackers and the need for organizations to bolster their defenses against such attacks. Companies that utilize affected software should take immediate action to mitigate risks associated with this vulnerability.

Impact: React2Shell remote code execution vulnerability
Remediation: Organizations should apply patches for the React2Shell vulnerability as soon as they are available and review their security configurations to prevent exploitation.

Atlassian has addressed a significant security vulnerability in Apache Tika, which affects several of its products including Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, and Jira. This flaw poses a risk as it could potentially allow attackers to exploit the software, putting user data at risk. The company has released software updates to patch the vulnerability, urging users to apply these updates promptly to ensure their systems remain secure. This incident underscores the importance of regularly updating software to protect against known vulnerabilities. Users of the affected products should prioritize these updates to safeguard their environments from potential exploitation.

Impact: Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, Jira
Remediation: Software updates released by Atlassian for affected products.

Apple has issued updates for macOS and iOS to address two zero-day vulnerabilities in WebKit that were found to be exploited in a highly sophisticated attack. These vulnerabilities could allow attackers to execute malicious code on affected devices, potentially compromising user data and privacy. The updates are crucial for users of Apple's platforms, as they help protect against active threats that exploit these flaws. Users are encouraged to install the latest updates to ensure their devices are secure. This incident also raises concerns about the interconnectedness of browser vulnerabilities, as these flaws are linked to a Chrome exploit, indicating that security issues can cross platform boundaries.

Impact: macOS, iOS, WebKit
Remediation: Install the latest macOS and iOS updates that patch the vulnerabilities.

A vulnerability in GeoServer has been identified, allowing attackers to exploit insufficient sanitization of user input. This flaw enables them to define external entities within XML requests, potentially leading to unauthorized access or data exposure. Organizations using GeoServer should take this threat seriously, as it could compromise the integrity of their data and systems. It's crucial for users to implement adequate security measures to mitigate this risk. As this vulnerability is being actively exploited, immediate action is necessary to protect sensitive information and maintain system security.

Impact: GeoServer versions with XML processing capabilities
Remediation: Users should update to the latest version of GeoServer and ensure proper input sanitization for XML requests.

MITRE has released its 2025 list of the top 25 most dangerous software vulnerabilities, with Cross-Site Scripting (XSS) taking the top spot. It is followed by SQL injection and Cross-Site Request Forgery (CSRF). Other notable vulnerabilities include buffer overflow issues and improper access control. This list serves as a critical resource for developers and security professionals to understand the most pressing risks to their applications. By addressing these vulnerabilities, organizations can significantly reduce their exposure to cyberattacks that exploit these weaknesses.

Impact: N/A
Remediation: Organizations should implement secure coding practices and regularly update their software to mitigate these vulnerabilities.

The React team has identified and patched two significant vulnerabilities in React Server Components (RSC) that could lead to denial-of-service (DoS) attacks and exposure of source code. These issues were uncovered by security researchers while they were probing the existing patches for a previously disclosed critical bug (CVE-2025-55182) that had a CVSS score of 10.0, indicating its severity. This situation is concerning as it affects developers using React for building applications, potentially putting sensitive code at risk. The React team emphasizes the importance of applying these patches promptly to maintain application security.

Impact: React Server Components (RSC) in applications that use the React framework.
Remediation: Users should apply the latest patches provided by the React team to address these vulnerabilities. Specific patch numbers or versions were not mentioned in the article, but it is essential to keep the React framework updated to the latest version.

Researchers at Wiz have discovered a serious vulnerability in Gogs, a self-hosted Git service. This flaw allows attackers to bypass a previously reported remote code execution (RCE) vulnerability that was disclosed last year. Although the specifics of the exploitation have not been detailed, the revelation indicates that the vulnerability has been exploited for months without a patch available to fix it. This situation poses significant risks for organizations that rely on Gogs for their version control, as it could lead to unauthorized access and potentially severe security breaches. Users of Gogs need to stay vigilant and consider alternative security measures while waiting for a fix.

Impact: Gogs (self-hosted Git service)
Remediation: N/A

Hackers have taken advantage of a serious unpatched zero-day vulnerability in Gogs, a widely used self-hosted Git service, allowing them to execute remote code on exposed servers. This breach has impacted around 700 Internet-facing instances, putting sensitive data at risk and potentially leading to further attacks. The vulnerability is particularly concerning because it remains unpatched, leaving many servers vulnerable to exploitation. Users of Gogs should take immediate action to secure their systems, as the lack of a fix means attackers can easily compromise servers. This incident serves as a reminder for organizations to prioritize timely software updates and security measures to protect their infrastructure.

Impact: Gogs self-hosted Git service
Remediation: Users should apply any available updates or patches from Gogs as soon as they are released and consider implementing network security measures to restrict access to their servers.

Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

A recent phishing campaign has targeted around 6,000 companies, sending over 40,000 fraudulent emails that appeared to come from trusted services like SharePoint and DocuSign. These emails contained malicious links disguised by reputable redirect services, making it easier for scammers to trick recipients into clicking. The scale and speed of this attack raise concerns about the vulnerability of businesses to such tactics, which exploit the trust users place in well-known platforms. Companies need to be vigilant, as these phishing attempts can lead to data breaches or financial loss if employees fall for the scams. Ensuring proper training and awareness around phishing tactics is crucial for organizations to protect themselves.

Impact: SharePoint, DocuSign, e-signature services
Remediation: Employees should be trained to recognize phishing attempts and verify the authenticity of emails before clicking on links.

IBM has addressed more than 100 vulnerabilities this week, with many of these issues stemming from third-party dependencies. Among the vulnerabilities, some were classified as critical, which means they could potentially allow attackers to exploit systems if left unpatched. This patching effort is crucial for organizations that rely on IBM software and services, as unaddressed vulnerabilities can lead to severe security breaches. Users should ensure they update their systems to the latest versions to protect against possible exploits. Regular updates and patches are essential in maintaining cybersecurity hygiene.

Impact: IBM software and services relying on third-party dependencies.
Remediation: Users should apply the latest patches and updates provided by IBM for their affected software.

Researchers have identified a significant surge in attacks linked to a vulnerability in React2Shell, with more than 50 confirmed victims to date. This issue stems from a critical defect that has left many systems exposed, as reports indicate that about half of these vulnerable instances remain unpatched. The rapid exploitation of this flaw underscores the urgency for affected organizations to take immediate action to secure their systems. Companies using React2Shell need to prioritize updates and patch deployments to mitigate these risks. Failure to address this vulnerability could lead to more widespread damage and data breaches as attackers continue to exploit the flaw in the wild.

Impact: React2Shell
Remediation: Organizations should apply the latest patches and updates for React2Shell as soon as possible to protect against exploitation.

Recent breaches in the supply chain have exposed vulnerabilities in the software development processes used by manufacturers. Attackers have taken advantage of compromised development tools, stolen credentials, and malicious packages from repositories like NPM to infiltrate production environments. These incidents emphasize the need for manufacturers to adopt secure software development life cycle (SSDLC) practices when assessing their partners. By integrating security measures throughout the software development process, companies can better protect their systems and reduce the risk of exploitation. This approach is increasingly vital as the manufacturing sector becomes a more frequent target for cyberattacks.

Impact: Manufacturing systems, development tools, NPM packages
Remediation: Implement secure software development life cycle (SSDLC) practices, evaluate partner security measures

A new phishing kit named Spiderman is targeting customers of various European banks and cryptocurrency users by creating nearly identical fake websites that impersonate legitimate brands and organizations. This sophisticated kit allows attackers to mimic the look and feel of real banking sites, making it difficult for users to identify them as fraudulent. Affected users may enter sensitive information, such as login credentials or financial details, which could lead to identity theft or financial loss. The rise of such phishing attacks is concerning as they exploit the trust users have in established financial institutions. Awareness and caution are crucial for users to protect themselves from these deceptive schemes.

Impact: European banks and cryptocurrency platforms
Remediation: Users should verify website URLs carefully, enable two-factor authentication where possible, and report any suspicious emails or messages to their bank.