Bleeping Computer

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...
heise online

"MongoBleed": Exploit for critical vulnerability in MongoDB makes attacks easier

According to the details about the vulnerability published shortly before Christmas, attackers can exploit a flaw in the zlib compression software to access non-reset dynamic memory (heap memory).
CSO Online

CISA flags max-severity bug in HPE OneView amid active exploitation

The flaw allows remote code execution via a public REST API, giving attackers a direct path to compromise enterprise ...
Bleeping Computer

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
The New York Times

How Russia’s War Machine Brutalizes and Exploits Its Own Soldiers

In hundreds of official complaints, inadvertently posted online by the Russian government, soldiers and their loved ones describe a lawless and violent military apparatus that abuses its own troops to ...