InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited ...
The Hacker News

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet confirmed a supply chain attack let hackers push a malicious Chrome extension update, draining $8.5 million from ...
Cryptopolitan on MSN

Trust Wallet opens compensation portal for victims of Chrome browser exploit

Trust Wallet has launched a formal compensation package for victims of a security incident affecting its Chrome browser ...
Infosecurity Magazine

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...