Hackread – Cybersecurity News, Data Breaches, AI, and More
Actively Exploited
In December 2025, researchers identified a serious vulnerability in React, designated as CVE-2025-55182, which has led to a surge in attacks on services that use React2Shell. This vulnerability affects numerous applications built with the React framework, making them targets for malicious actors. Attackers are exploiting this flaw to gain unauthorized access to systems, which could lead to data breaches or service disruptions. Organizations utilizing React-enabled services are urged to take immediate action to safeguard their systems. The situation is critical, as the exploitation of this vulnerability poses significant risks to businesses and users globally.
Hackread – Cybersecurity News, Data Breaches, AI, and More
The UK's Information Commissioner's Office (ICO) has imposed a £1.2 million fine on LastPass following a significant data breach in 2022 that compromised the personal information of 1.6 million users. The breach was traced back to a vulnerability in an employee's personal computer, which allowed attackers to access sensitive data. This incident raises serious concerns about the security practices of password management services, especially considering the potential for misuse of the exposed information. Users of LastPass are now at increased risk of phishing attacks and identity theft. The fine serves as a reminder for companies to enhance their cybersecurity measures and protect user data more effectively.
A vulnerability in GeoServer has been identified, allowing attackers to exploit insufficient sanitization of user input. This flaw enables them to define external entities within XML requests, potentially leading to unauthorized access or data exposure. Organizations using GeoServer should take this threat seriously, as it could compromise the integrity of their data and systems. It's crucial for users to implement adequate security measures to mitigate this risk. As this vulnerability is being actively exploited, immediate action is necessary to protect sensitive information and maintain system security.
A new zero-day vulnerability has been discovered in Windows that affects the Remote Access Connection Manager (RasMan) service, allowing attackers to crash it. This flaw could disrupt remote access services for users and organizations relying on Windows systems. Unofficial patches have been made available for users who want to mitigate the risk before an official fix is released. As this vulnerability is a zero-day, it is crucial for affected users to apply these patches promptly to avoid potential exploitation. The issue underscores the need for vigilance in maintaining system security, especially for those using Windows.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for U.S. federal agencies to patch a serious vulnerability found in GeoServer. This flaw is being exploited in XML External Entity (XXE) injection attacks, which can allow attackers to access sensitive data. The exploitation of this vulnerability poses a significant risk to the integrity and confidentiality of systems using GeoServer. Agencies are advised to take immediate action to defend against potential breaches and secure their data. Given that this vulnerability is actively being exploited, it is crucial for affected organizations to prioritize the necessary updates to protect their networks from compromise.
The React team has identified and patched two significant vulnerabilities in React Server Components (RSC) that could lead to denial-of-service (DoS) attacks and exposure of source code. These issues were uncovered by security researchers while they were probing the existing patches for a previously disclosed critical bug (CVE-2025-55182) that had a CVSS score of 10.0, indicating its severity. This situation is concerning as it affects developers using React for building applications, potentially putting sensitive code at risk. The React team emphasizes the importance of applying these patches promptly to maintain application security.
Hackers have taken advantage of a zero-day vulnerability in Gogs, a self-hosted Git service, leading to the compromise of approximately 700 servers that are accessible over the internet. This vulnerability allows attackers to execute code remotely, posing a significant risk to organizations and individuals using this platform to manage their Git repositories. Gogs, which is known for its lightweight and easy-to-deploy nature, is now under scrutiny as users scramble to secure their systems. The incident highlights the importance of promptly applying security updates and monitoring for unusual activity. Without swift action, affected servers could lead to data breaches or unauthorized access to sensitive information.
Researchers at Wiz have discovered a serious vulnerability in Gogs, a self-hosted Git service. This flaw allows attackers to bypass a previously reported remote code execution (RCE) vulnerability that was disclosed last year. Although the specifics of the exploitation have not been detailed, the revelation indicates that the vulnerability has been exploited for months without a patch available to fix it. This situation poses significant risks for organizations that rely on Gogs for their version control, as it could lead to unauthorized access and potentially severe security breaches. Users of Gogs need to stay vigilant and consider alternative security measures while waiting for a fix.
CyberVolk has reemerged with its new VolkLocker ransomware-as-a-service, which comes with some notable features but also a significant design flaw. Researchers have identified a major vulnerability that could allow security teams to mitigate attacks more effectively. This flaw raises concerns for businesses and organizations that could be targeted by this ransomware, as it may lead to increased incidents of data theft and disruption. Cyber defenders need to be vigilant and prepare for potential attacks stemming from this new variant. Understanding the weaknesses in VolkLocker could help in developing strategies to counteract its effects and protect sensitive information.
Hackers have taken advantage of a serious unpatched zero-day vulnerability in Gogs, a widely used self-hosted Git service, allowing them to execute remote code on exposed servers. This breach has impacted around 700 Internet-facing instances, putting sensitive data at risk and potentially leading to further attacks. The vulnerability is particularly concerning because it remains unpatched, leaving many servers vulnerable to exploitation. Users of Gogs should take immediate action to secure their systems, as the lack of a fix means attackers can easily compromise servers. This incident serves as a reminder for organizations to prioritize timely software updates and security measures to protect their infrastructure.
In April 2025, a significant data breach at the Pierce County Library compromised the personal information of around 340,000 individuals, including library patrons, employees, and their family members. The stolen data may include sensitive details, raising concerns about identity theft and privacy violations. As libraries often hold extensive personal information, this incident highlights the vulnerability of public institutions to cyberattacks. The breach not only affects those directly involved but also puts the library's reputation and trustworthiness at risk. Community members are urged to monitor their accounts and take precautions to protect their personal information.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Actively Exploited
A recent phishing campaign has targeted around 6,000 companies, sending over 40,000 fraudulent emails that appeared to come from trusted services like SharePoint and DocuSign. These emails contained malicious links disguised by reputable redirect services, making it easier for scammers to trick recipients into clicking. The scale and speed of this attack raise concerns about the vulnerability of businesses to such tactics, which exploit the trust users place in well-known platforms. Companies need to be vigilant, as these phishing attempts can lead to data breaches or financial loss if employees fall for the scams. Ensuring proper training and awareness around phishing tactics is crucial for organizations to protect themselves.
Cybersecurity experts are reporting a surge in malware attacks exploiting a serious vulnerability in the React library, known as React2Shell. This vulnerability allows attackers to execute code remotely without authentication, putting many applications at risk. React is widely used for building user interfaces, meaning a broad range of developers and companies could be affected. The situation is concerning as it opens the door for various types of malware to be deployed against unsuspecting users. Companies using React should take immediate action to assess their systems and implement security measures to protect against these attacks.
A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.
A recent study by the Identity Theft Resource Center (ITRC) indicates that a staggering 81% of small businesses in the U.S. experienced a data or security breach in the past year. As a result, many of these businesses are feeling the financial strain and are responding by increasing their prices. Specifically, two-fifths of small and medium-sized businesses (SMBs) have raised their prices to offset the costs associated with these breaches. This trend not only impacts the businesses themselves but also affects consumers, who may face higher prices for goods and services. The findings emphasize the ongoing vulnerability of small businesses to cyber threats and the wider economic implications of such breaches.