The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
Dark Reading

RondoDox Botnet Expands Scope With React2Shell Exploitation

Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining and other malicious activity to ...
SecurityWeek

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

The CISA KEV catalog was expanded with 245 vulnerabilities in 2025, including 24 flaws exploited by ransomware groups.
The Hacker News

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

First 2026 cyber recap covering IoT exploits, wallet breaches, malicious extensions, phishing, malware, and early AI abuse.

From Perimeter To Identity: Unifying AI And Access Controls

A unified approach represents the fundamental blueprint for organizations to achieve cyber resilience. By integrating the ...
DMR News

GreyNoise Flags Holiday Exploitation Campaign Targeting Adobe ColdFusion Servers

Security researchers at GreyNoise have reported a coordinated exploitation campaign targeting Adobe ColdFusion servers, with ...
Security Boulevard

Malware Campaign Abuses Booking.com Against Hospitality Sector

Securonix is detailing a multi-stage campaign that starts with a bogus Booking.com message that runs through a ClickFix technique and a fake Blue Screen of Death before dropping the DCRat malware that ...