The Hacker News

[New] React just found more bugs hiding in its last big patch. 🧩 CVE-2025-55184 & CVE-2025-67779 — can crash servers with one request. 🧩 CVE-2025-55183 — can leak source code from React Server Components. 👀 All discovered while testing the earlier CVE-2025-55182 fix. Update to versions 19.0.3, 19.1.4, or 19.2.3 now. 🔗 Read: https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html

🚨 Over 137,000 servers are wide open. Hackers are using the React2Shell bug (CVE-2025-55182) to take over web servers — no password needed. Even U.S. government sites are being hit, and the attacks are spreading fast through Next.js apps online. If your team hasn’t patched yet, you’re already late. 🔗 Read: https://thehackernews.com/2025/12/react2shell-exploitation-escalates-into.html

🤖 AI is reshaping identity security. It spots unusual behavior, adjusts access in real time, and keeps every identity in check. Smart IAM isn’t about more tools — it’s about one connected system: the identity fabric. 🔗 Learn how it works: https://thehackernews.com/expert-insights/2025/12/ai-in-iam-is-it-truly-valuable.html

🚨 CISA just confirmed active exploitation of a new GeoServer flaw (CVE-2025-58360). It’s unauthenticated — the /geoserver/wms endpoint can be abused to access files or hit internal systems if not patched. 🔗 Read: https://thehackernews.com/2025/12/cisa-flags-actively-exploited-geoserver.html

💥 Cyber Week, unfiltered! 🔹 Malware disguised as movies. 🔹 Rootkits bypassing Windows. 🔹 AI tools turning risky. 🔹 Docker leaks spilling secrets. 🔹 Governments dialing up surveillance. This week’s ThreatsDay Bulletin maps it all — from global crackdowns to code-level chaos. 🔗 Read → https://thehackernews.com/2025/12/threatsday-bulletin-spyware-alerts.html

💻 ⚠️ Hackers are hiding inside Google Drive. Researchers found a Windows backdoor called NANOREMOTE that uses the Google Drive API to steal files and run commands. It even pretends to be Bitdefender software so it looks safe. Experts say it’s linked to a Chinese hacking group targeting government and defense networks. 🔗 Read: https://thehackernews.com/2025/12/nanoremote-malware-uses-google-drive.html

Want a Master’s in Cybersecurity Risk Management? Apply by the priority deadline with no application fee. Learn more: https://thn.news/georgetown-cyber-master

🤖 Bots now outnumber people in some companies. They work fast — but each one has access to sensitive data. Without the right controls, one weak bot can open the door to hackers. Learn how to keep your RPA bots safe and your systems secure. 🔗 Read: https://thehackernews.com/2025/12/the-impact-of-robotic-process.html

⚠️ Hackers are still hitting Middle East governments. A group called WIRTE (Ashen Lepus) is expanding to Oman and Morocco with new malware named AshTag. It hides in fake political PDFs — open one, and it steals your files. 🔗 Read ↓ https://thehackernews.com/2025/12/wirte-leverages-ashenloader-sideloading.html

🚨 700+ Gogs servers hacked — no patch yet. New flaw (CVE-2025-8110) lets attackers overwrite files and run code through symbolic links, bypassing last year’s fix. Wiz found Supershell malware — often used by Chinese groups — on many hacked servers. 🔗 Read: https://thehackernews.com/2025/12/unpatched-gogs-zero-day-exploited.html

🕵️ Google just patched a Chrome zero-day that’s already being exploited. The flaw’s details are hidden for now—so attackers can’t copy it before everyone updates. Update your Chrome and hit “Relaunch” to stay safe. 🔗 Read ↓ https://thehackernews.com/2025/12/chrome-targeted-by-active-in-wild.html

🚨 Hackers are attacking CentreStack and Triofox right now using a built-in key that never changes. It lets them break in, read the web.config file, and run code on the server. At least 9 companies have already been hit. 🔗 Read: https://thehackernews.com/2025/12/hard-coded-gladinet-keys-let-attackers.html

🚨 New: React2Shell attacks are surging. Hackers are exploiting a critical RSC flaw (CVE-2025-55182) to install crypto miners and new malware — PeerBlight, CowTunnel, and ZinFoq. 🔗 Read: https://thehackernews.com/2025/12/react2shell-exploitation-delivers.html

🚨 A .NET flaw called “SOAPwn” lets hackers run code on enterprise apps — no patch from Microsoft. Researchers at Black Hat Europe showed how SOAP clients can be tricked into writing files or web shells, hitting tools like Barracuda RMM and Ivanti EPM. 🔗 Full details here ↓ https://thehackernews.com/2025/12/net-soapwn-flaw-opens-door-for-file.html

⚠️ Attackers don't care about your model's safety scores. They care about what it connects to - and what they can reach from a single prompt. Even if you tested before deployment, in production your agent connects to tools, APIs, databases - an attack surface nobody validated. Pillar Security launches today RedGraph - the world-first attack surface mapping & testing for AI agents. Check it out: https://thn.news/redgraph-insights

⚠️ Three new PCIe security flaws found — they let hackers change or fake data moving between computer parts. They affect some Intel Xeon and AMD EPYC chips. The problem? It’s in the encryption that was supposed to keep data safe. 🔗 Read → https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html

⚠️ WinRAR just made CISA’s “actively exploited” list. Russian, South Asian, and Ukrainian-targeting hacker groups are using the flaw to hijack Windows — by planting code that runs every time Word opens. 🔗 Patch WinRAR now ↓ https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html

⚡WEBINAR ⤑ Hackers are finding new ways into the cloud and most tools can’t spot them. Next week, the #PaloAltoNetworks team will show real examples of how attacks happen and how to block them. 🔗 Join the live session to learn how to protect your setup: https://thehackernews.com/2025/12/webinar-how-attackers-exploit-cloud.html

⚠️ Microsoft just fixed 56 Windows bugs — one’s already being exploited. It hides in the Cloud Files driver used by OneDrive, Google Drive, and iCloud — even if those apps aren’t installed. Hackers can chain it with phishing to gain SYSTEM access. Plus: 2 zero-days in PowerShell and GitHub Copilot for JetBrains. 🔗 Details ↓ https://thehackernews.com/2025/12/microsoft-issues-security-fixes-for-56.html

⚠️ Fortinet, Ivanti & SAP just fixed critical bugs that let attackers break in or run code remotely. ➜ Fortinet: auth bypass via fake SAML login. ➜ Ivanti: admin takeover through poisoned dashboards. ➜ SAP: code injection in Solution Manager (CVSS 9.9). 🔗Patch Now: https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html