React2Shell: Widespread Exploitation of Max-Score RCE (CVSS 10.0) by Espionage Groups and Miners
Key Findings
React2Shell (CVE-2025-55182), a critical vulnerability in React Server Components, was disclosed on December 3, 2025, carrying a maximum CVSS score of 10.0 and enabling unauthenticated remote code execution. Shortly after disclosure, the Google Threat Intelligence Group (GTIG) observed widespread exploitation across various threat actor groups, ranging from opportunistic cybercriminals to suspected espionage groups. Several distinct campaigns were identified, inc
Dec 13, 2025 - 2 min read
Newly Discovered React RSC Vulnerabilities Enable Denial-of-Service and Source Code Exposure
Key Findings
- CVE-2025-55184 (CVSS 7.5) - A pre-authentication denial of service vulnerability in React Server Components (RSC) that can trigger an infinite loop and hang the server process
- CVE-2025-67779 (CVSS 7.5) - An incomplete fix for CVE-2025-55184 with the same impact
- CVE-2025-55183 (CVSS 5.3) - An information leak vulnerability that may expose the source code of a vulnerable Server Function
Background
The React team has released fixes for three new vulnerabilities in R
Dec 12, 2025 - 3 min read
CISA: Mitigate GeoServer XXE Vulnerability to Prevent Data Theft and Network Scanning
Key Findings
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo GeoServer software to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw, tracked as CVE-2025-58360, is an XML External Entity (XXE) vulnerability that attackers are actively exploiting to breach networks and steal sensitive data. The vulnerability lies within GeoServer's handling of XML input, allowing attackers to define e
Dec 12, 2025 - 2 min read
Google Addresses Ninth Chrome Zero-Day Vulnerability Under Active Exploitation
Key Findings
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google tracked the high-severity vulnerability as Chromium issue 466192044, but did not share technical details. The bug lies in the ANGLE graphics library, where buffer sizes were incorrectly calculated, leading to memory corruption, crashes, or potentially arbitrary code execution. Google also fixed two medium-severity flaws: a use-after-fr
Dec 11, 2025 - 2 min read
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
Key Findings
- 90% of organizations are facing critical skills gaps (ISC2)
- AI is reshaping job roles across cybersecurity, cloud, and IT operations
- Enterprises are rapidly reallocating L&D budgets toward hands-on training that delivers measurable, real-world performance
- INE is uniquely positioned to support this shift, helping organizations invest their end-of-year budgets in scalable labs, simulations, and immersive learning experiences
Background
As AI accelerates job transf
Dec 11, 2025 - 2 min read
Critical Fortinet Flaw Risks Unauthenticated Admin Bypass via FortiCloud SSO SAML Forgery
Key Findings
A critical vulnerability (CVE-2025-59718, CVE-2025-59719) in Fortinet's FortiCloud Single Sign-On (SSO) feature allows unauthenticated attackers to bypass authentication and gain administrative access to affected devices. The vulnerability, which has a CVSS score of 9.1, stems from improper verification of cryptographic signatures (CWE-347) in the FortiCloud SSO SAML implementation. Affected products include FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager.
Dec 10, 2025 - 2 min read
Microsoft Patch Tuesday for December 2025: Snort rules and prominent vulnerabilities
Key Findings
- Microsoft released 57 vulnerabilities in the December 2025 Patch Tuesday, including 2 "critical" and the rest "important"
- Microsoft assessed that exploitation of the 2 "critical" vulnerabilities is "less likely"
- Cisco Talos is releasing new Snort rules to detect attempts to exploit some of the disclosed vulnerabilities
Background
This month's Patch Tuesday addresses a range of vulnerabilities, including: CVE-2025-62562: Microsoft Outlook remote code execution vul
Dec 9, 2025 - 1 min read
AI Uncovers GhostPenguin: Sophisticated Linux Backdoor Employs Advanced Encryption and Covert Communication Tactics
Key Findings
- Trend Micro's AI-driven threat hunting pipeline discovered a previously unknown and undetectable Linux backdoor called "GhostPenguin"
- GhostPenguin had zero detections on VirusTotal for over four months before being identified
- The sophisticated, multi-threaded backdoor is written in C++ and uses RC5-encrypted UDP for covert Command and Control (C2) communications
Background
GhostPenguin was first submitted to VirusTotal on July 7, 2025, but remained completely inv
Dec 9, 2025 - 2 min read
FinCEN data reveals surge in ransomware payments, with over $4.5B since 2013
Key Findings
- Ransomware payments reported to FinCEN exceeded $4.5 billion by 2024
- 2023 marked a record year with $1.1 billion in ransomware payments across 1,512 incidents
- From 2022 to 2024, organizations reported 4,194 ransomware incidents and over $2.1 billion in payments
- In comparison, from 2013 to 2021, FinCEN logged 3,075 reports totaling about $2.4 billion
Background
FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 2022 to Februa
Dec 9, 2025 - 1 min read
JS#SMUGGLER Campaign Exploits Compromised Websites to Distribute NetSupport RAT
Key Findings
Securonix researchers discovered a new malware campaign dubbed JS#SMUGGLER that delivers the powerful NetSupport RAT through compromised websites. The attack is designed in three stages to evade detection, starting with an obfuscated JavaScript loader, followed by a hidden HTML Application (HTA) and a final PowerShell payload that downloads and executes the NetSupport RAT. The multi-layered tactics, including encryption, compression, and in-memory execution, indi
Dec 8, 2025 - 2 min read
INE Earns G2 Winter 2027 Badges Across Global Markets
Key Findings
- INE has been recognized with seven G2 Winter 2026 badges
- The awards include Leader status in the Online Course Providers Grid Report and Momentum Leader recognition in two major training categories
- INE also earned regional leadership positions across Europe, Asia, Asia Pacific, and India
Background
INE is the premier provider of online networking and cybersecurity training and certification. The company harnesses a p
Dec 8, 2025 - 1 min read
Malware BRICKSTORM: Chinese State Hackers Target VMware Systems
Key Findings
Cybersecurity agencies in the US and Canada have issued an alert about a new malware called BRICKSTORM, believed to be used by state-sponsored hackers from China. BRICKSTORM is a backdoor that gives attackers stealthy access and control over targeted systems, primarily focusing on VMware vSphere platforms. The hackers have been observed targeting organizations in the Government Services, Facilities, and Information Technology sectors. The malware uses advanced t
Dec 7, 2025 - 2 min read
Researchers Uncover Critical Vulnerabilities in AI Coding Tools Exposing Data Theft and Remote Execution Risks
Key Findings
- Over 30 security vulnerabilities have been disclosed in various AI-powered Integrated Development Environments (IDEs)
- The vulnerabilities combine prompt injection primitives with legitimate IDE features to achieve data exfiltration and remote code execution
- The security issues have been collectively named "IDEsaster" by security researcher Ari Marzouk (MaccariTA)
- The vulnerabilities affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Cop
Dec 6, 2025 - 2 min read
Introducing Sophos Intelix for Microsoft Security Copilot
Key Findings
Sophos is launching Sophos Intelix for Microsoft 365 Copilot, a powerful new integration that brings Sophos' world-class threat intelligence directly into the Microsoft 365 ecosystem. This seamless integration allows security analysts and IT professionals to instantly access, investigate, and respond to emerging cyber threats right from the Copilot chat interface, without leaving the Microsoft 365 environment. Sophos Intelix leverages the deep threat intelligence
Dec 6, 2025 - 2 min read
Criminal IP to Host Webinar: Beyond CVEs - From Visibility to Action with ASM
Key Findings
- Traditional vulnerability-based security approaches are insufficient against modern exposure-driven attacks
- Misconfigurations, forgotten assets, and publicly accessible services have become real-world attack entry points as organizations rapidly adopt cloud platforms and distributed architectures
- Adversaries evaluate exposed services, identify weak points, and map attack paths to exploit previously unknown or unmanaged assets
Background
As organizations rapidly a
Dec 5, 2025 - 2 min read
Spy vs. spy: How GenAI is powering defenders and attackers
Key Findings
Adversaries continue to use GenAI with varying levels of reliance, with state-sponsored groups and criminal organizations taking advantage of uncensored and unweighted models. Threat actors are using GenAI for coding, phishing, anti-analysis/evasion, and vulnerability discovery, although significant human involvement is still required. As models continue to shrink and hardware requirements are removed, adversarial access to GenAI and its capabilities are poised
Dec 4, 2025 - 2 min read
Devastating WordPress Vulnerability (CVE-2025-6389) Enables Unauthenticated Remote Code Execution
Key Findings
A critical Remote Code Execution (RCE) vulnerability has been discovered in the Sneeit Framework, a core plugin bundled with multiple premium WordPress themes. The vulnerability (CVE-2025-6389) allows unauthenticated users to take complete control of a server. Threat actors started exploiting the issue on the same day it was publicly disclosed on November 24th, 2025. The Wordfence Firewall has already blocked over 131,000 exploit attempts targeting this vulnerabi
Dec 4, 2025 - 1 min read
Targeted by Phishing: Corporate Users at Greater Risk
Key Findings
Phishing attacks have surged 400% year-over-year, with nearly 40% of the 28+ million recaptured phished records containing a business email address, compared to just 11.5% in recaptured malware data. Enterprises are now three times more likely to be targeted with phishing attacks than infostealer malware. Phishing has become the preferred gateway into enterprise environments, and is now the leading entry point for ransomware, accounting for 35% of all ransomware
Dec 4, 2025 - 2 min read
Aisuru Botnet Sets New Record with 29.7 Tbps DDoS Attack
Key Findings
- Cloudflare mitigated the largest ever distributed denial-of-service (DDoS) attack, measuring 29.7 terabits per second (Tbps)
- The attack originated from the AISURU DDoS botnet-for-hire, which has been linked to numerous high-volume DDoS attacks over the past year
- The target of the 69-second attack was not disclosed, but AISURU has targeted telecommunication providers, gaming companies, hosting providers, and financial services
- AISURU is believed to be powered by a mas
Dec 4, 2025 - 2 min read
Severe RSC Bugs in React and Next.js Enable Unauthenticated Remote Code Execution
Key Findings
- Critical security flaw discovered in React Server Components (RSC) with a CVSS score of 10.0 (maximum severity)
- Vulnerability allows unauthenticated remote code execution (RCE) by exploiting a deserialization issue in how React decodes payloads sent to React Server Function endpoints
- Issue affects React versions 19.0, 19.1.0, 19.1.1, and 19.2.0, as well as Next.js versions >=14.3.0-canary.77, >=15, and >=16
- Vulnerability codenamed "React2shell" and assigned CVE-2
Dec 4, 2025 - 2 min read