Tag
#web
Sysdig discovered North Korea-linked EtherRAT, a stealthy new backdoor using Ethereum smart contracts for C2 after exploiting the critical React2Shell vulnerability (CVE-2025-55182).
The update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web.
### Impact A reflected XSS vulnerability in XWiki allows an attacker to send a victim to a URL with a deletion confirmation message on which the attacker-supplied script is executed when the victim clicks the "No" button. When the victim has admin or programming right, this allows the attacker to execute basically arbitrary actions on the XWiki installation including remote code execution. ### Patches This vulnerability has been patched in XWiki 16.10.10, 17.4.2 and 17.5.0 by using the affected URL parameter only in the intended context. ### Workarounds The [patch](https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2) can be manually applied to the templates that are present in the WAR. A restart of XWiki is needed for the changes to be applied.
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools.
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world. Next week, the Cortex Cloud team at Palo Alto Networks
Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty.
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. These include 29 privilege escalation, 18 remote code
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.