CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks).
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets fromRead More »SMS Phishers Pivot to Points, Taxes, Fake Retailers
The Ministry of Communications on had asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and to prevent users from disabling it. The post India Rolls Back Order to Preinstall Cybersecurity App on Smartphones appeared first on SecurityWeek.
Significant cybersecurity M&A deals announced by Arctic Wolf, Bugcrowd, Huntress, Palo Alto Networks, and Zscaler. The post Cybersecurity M&A Roundup: 30 Deals Announced in November 2025 appeared first on SecurityWeek.
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leadsRead More »Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
Established in 2024 by Cybereason co-founders Lior Div and Yonatan Striem-Amit, the company has raised a total of $166 million in funding. The post Agentic Security Firm 7AI Raises $130 Million appeared first on SecurityWeek.
Hackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people. The post Inotiv Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
The state-sponsored hackers relied on phishing emails to deliver a malicious payload to Reporters Without Borders (RSF). The post Reporters Without Borders Targeted by Russian Hackers appeared first on SecurityWeek.
The 25-page document outlines four principles for securely integrating AI with operational technology. The post Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT appeared first on SecurityWeek.
Freedom Mobile says hackers stole customers’ personal information from its account management platform. The post Personal Information Compromised in Freedom Mobile Data Breach appeared first on SecurityWeek.
