Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
Infosecurity-magazine.com

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...
Bleeping Computer

New DarkSword iOS exploit used in infostealer attack on iPhones

A new exploit kit for iOS devices and delivery framework dubbed “DarkSword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps. DarkSword ...
GitHub

CVE-2025-55182 – React Server Components Remote Code Execution

React Server Components accept client-side requests which are parsed and deserialized on the backend. The vulnerability arises from insufficient controls around deserialization of inbound data, ...
Forbes

Google Zero-Day Alert For 3.5 Billion Chrome Users—Attacks Underway

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Google issues emergency Chrome security update. Updated March 15: Following the confirmation ...
IEEE

Exploit Linux VIM Configuration Backdoor and Mitigation : Strategies to run scripts via a VIM backdoor and mitigation techniques

Abstract: The Vim text editor, due to its significant scripting capabilities (Vimscript) and legitimate features like modeline and autocmd, presents a unique attack surface often overlooked by ...
Android Authority

New Qualcomm exploit chain brings bootloader unlocking freedom to Android flagships (Updated: Statement)

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...
The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source ...