Dark Reading

Attackers Use New Tool to Scan for React2Shell Exposure

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for ...
CSO Online

Software developers: Prime cyber targets and a rising risk vector for CISOs

From technical compromise to AI-driven attacks, cyber criminals increasingly see software developers as prime targets, creating systemic risks CISOs must address.
SecurityWeek

API Threats Grow in Scale as AI Expands the Blast Radius

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.
Computer Weekly

PromptSpy Android malware may exploit Gemini AI

A newly-uncovered malware targeting the Android operating system seems to exploit Google’s Gemini GenAI tool to help it maintain persistence.

AI platforms can be abused for stealthy malware communication

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate ...

Telegram channels expose rapid weaponization of SmarterMail flaws

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE ...
Kotaku

Steam Game Devs Call Exploit Allegations ‘Clickbait Exaggeration’ And ‘Malicious Defamation’

The developers behind a popular “open source MMO RTS sandbox game for programming enthusiasts” on Steam, named Screeps: World, have been forced to update their game “in order to protect both players” ...
HotHardware

Millions At Risk As Attackers Exploit This Alarming WinRAR Security Flaw

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions ...
CoinTelegraph

SwapNet exploit drains up to $13.3M from Matcha Meta users

Matcha Meta urged users to revoke one-time approvals for SwapNet’s router contract after a smart-contract vulnerability saw around $13.3 million stolen on the Base blockchain. Update, Jan. 27, 9:15 am ...