Home
Services
Credentials
News
Contact
News
NEWS
The latest news in cybersecurity!
DEC
13
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
By:
info@thehackernews.com (The Hacker News)
on
DEC
13
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote code
Read more >>
DEC
13
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
By:
info@thehackernews.com (The Hacker News)
on
DEC
13
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below - CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKit
Read more >>
DEC
12
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
By:
info@thehackernews.com (The Hacker News)
on
DEC
12
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing
Read more >>
DEC
12
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
By:
info@thehackernews.com (The Hacker News)
on
DEC
12
Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit
Read more >>
DEC
12
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
By:
info@thehackernews.com (The Hacker News)
on
DEC
12
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting sensitive information directly into prompts or uploading files. Traditional
Read more >>
DEC
12
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
By:
info@thehackernews.com (The Hacker News)
on
DEC
12
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in
Read more >>
DEC
12
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
By:
info@thehackernews.com (The Hacker News)
on
DEC
12
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization
Read more >>
DEC
12
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
By:
info@thehackernews.com (The Hacker News)
on
DEC
12
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
Read more >>
DEC
11
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
By:
info@thehackernews.com (The Hacker News)
on
DEC
11
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open. The new Threatsday Bulletin
Read more >>
DEC
11
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
By:
info@thehackernews.com (The Hacker News)
on
DEC
11
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a
Read more >>
More posts
Contact Us
014
91 842 907
info@pensecure.co.uk
Graffix House,
Newtown Rd,
Henley-on-Thames,
Oxfordshire,
RG9 1LY
Business Hours
Mon - Fri
9:00 am
-
5:00 pm
Sat - Sun
Closed
Copyright © PenSecure
Share by:
