A newly discovered flaw in the Windows Remote Access Connection Manager (RasMan) service allows the operating system to be disrupted without administrative privileges. A free, unofficial fix is already available, while Microsoft prepares its...
Gladinet is facing fresh trouble once again: vulnerabilities have been uncovered in its CentreStack and Triofox products stemming from embedded, hardcoded cryptography. According to Huntress, the AES implementation relies on fixed keys, allowing attackers...
Notepad++ has released version 8.8.9 to remediate a weakness in its WinGUp (GUP.exe) update mechanism. Researchers and users had reported incidents in which the updater, instead of fetching a legitimate installer, downloaded and executed...
Immediately following the public disclosure of a critical vulnerability in React Server Components, threat actors began exploiting it in attacks against organizations across multiple industries. The Huntress team reports that the flaw is an...
The emergence of a new malicious tool within the React2Shell attack chain has become a notable development amid the surge of compromises that followed the disclosure of CVE-2025-55182. This time, the activity goes far...
Security researchers have disclosed a .NET vulnerability that could affect a wide range of enterprise products and lead to remote code execution. The issue stems from how Microsoft .NET–based applications process SOAP messages, and,...
Attackers are actively exploiting a newly discovered zero-day vulnerability in Gogs—a widely used self-hosted Git service—for which no official patch has yet been released. According to Wiz, the ongoing campaign has already compromised more...
Google has released an unscheduled Chrome update to patch a zero-day vulnerability already being exploited in active attacks. The fix is included in stable build 143.0.7499.110 for Windows and macOS, and 143.0.7499.109 for Linux....
Microsoft has released its December security updates: Patch Tuesday brings fixes for 57 vulnerabilities, including three zero-days (one of which is already being actively exploited) and three critical remote-code-execution flaws. Administrators and Windows users...
A newly discovered vulnerability in Node.js, designated CVE-2025-55182 and informally dubbed React2Shell, has become a favored weapon of botnets within mere days of its disclosure. Operators are now launching widespread attacks against vulnerable web...