Articles tagged "Vulnerability"

Found 968 articles

AWS Security has reported that multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) within hours of its disclosure. Although this flaw does not affect AWS services, the rapid exploitation highlights the urgency for organizations to address this vulnerability to prevent potential breaches.

Read Original

Portugal has revised its cybercrime law to provide legal protection for security researchers, allowing them to operate without the fear of prosecution as long as they adhere to specified conditions. This change is significant for fostering a safer environment for ethical hacking and vulnerability disclosure, ultimately enhancing cybersecurity efforts in the country.

Read Original
Actively Exploited

The article discusses the rising exploitation of the React vulnerability CVE-2025-55182 by threat actors. This vulnerability poses a significant risk as it is being actively targeted in various attacks, highlighting the urgency for organizations to address it promptly.

Read Original

The article discusses the differences between prompt injection and SQL injection, emphasizing the potential severity of prompt injection as a cybersecurity threat. It highlights that misunderstanding these differences can undermine mitigation strategies, suggesting that prompt injection may pose unique risks that require specific attention.

Read Original

The article discusses a React vulnerability that has been reportedly exploited by attackers, leading to a debate among researchers about the existence of concrete evidence for these attacks. While some researchers claim to have seen proof of concepts demonstrating the exploit, others argue that there is insufficient evidence of actual attacks occurring, complicating the response efforts.

Read Original

Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.

Read Original
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hacker News

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Read Original

A critical vulnerability in the React JavaScript library is currently being targeted by threat actors linked to China, highlighting the urgency for developers to implement patches. The situation underscores the importance of immediate action to secure applications using this library from potential exploitation.

Read Original
Actively Exploited

The article discusses a critical vulnerability in React that has been exploited by various threat actors, leading to a significant outage at Cloudflare as they implemented mitigations against the React2Shell exploit. This incident highlights the ongoing risks associated with vulnerabilities in widely used frameworks and the need for timely responses to emerging threats.

Read Original
Actively Exploited

Cloudflare has reported an outage due to the emergency patching of a critical React remote code execution vulnerability that is currently being exploited in attacks. This incident highlights the urgency and severity of addressing such vulnerabilities to maintain security and service continuity.

Read Original

The article discusses a critical vulnerability known as 'React2Shell' in the React Server Components (RSC) 'Flight' protocol, which allows remote code execution without authentication in React and Next.js applications. This severe flaw poses significant risks to developers and organizations using these frameworks, as it could lead to unauthorized access and control over servers.

Read Original

A critical flaw in the widely used React code library has been identified, affecting approximately 39% of cloud environments. Developers are urgently addressing this vulnerability to protect major applications from potential exploitation.

Read Original
Critical
Yearn Finance yETH Pool Hit by $9M Exploit

Infosecurity Magazine

Actively Exploited

Yearn Finance's yETH pool experienced a significant security breach due to a critical vulnerability, resulting in the theft of approximately $9 million. This incident highlights the ongoing risks associated with decentralized finance platforms and the need for robust security measures.

Read Original
PreviousPage 61 of 65Next