Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-03 16:00 PST
- Why Does Have I Been Pwned Contain "Fake" Email Addresses?
Troy Hunt • 2025-12-03 15:37 • www.troyhunt.com
Normally, when someone sends feedback like this, I ignore it, but it happens often enough that it deserves an explainer, because the answer is really, really simple. So simple, in fact, that it should be evident to the likes of Bruce, who decided his misunderstanding deserved a 1-star Trustpilot review
https://www.troyhunt.com/why-does-have-i-been-pwned-contain-fake-email-addresses/
- Marquis data breach impacts over 74 US banks, credit unions
BleepingComputer • 2025-12-03 14:06 • www.bleepingcomputer.com
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. […]
https://www.bleepingcomputer.com/news/security/marquis-data-breach-impacts-over-74-us-banks-credit-unions/
- Critical flaw in WordPress add-on for Elementor exploited in attacks
BleepingComputer • 2025-12-03 13:31 • www.bleepingcomputer.com
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. […]
https://www.bleepingcomputer.com/news/security/critical-flaw-in-wordpress-add-on-for-elementor-exploited-in-attacks/
- French DIY retail giant Leroy Merlin discloses a data breach
BleepingComputer • 2025-12-03 12:52 • www.bleepingcomputer.com
Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised. […]
https://www.bleepingcomputer.com/news/security/french-diy-retail-giant-leroy-merlin-discloses-a-data-breach/
- Freedom Mobile discloses data breach exposing customer data
BleepingComputer • 2025-12-03 12:28 • www.bleepingcomputer.com
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. […]
https://www.bleepingcomputer.com/news/security/freedom-mobile-discloses-data-breach-exposing-customer-data/
- Shai Hulud 2.0, now with a wiper flavor
Securelist • 2025-12-03 12:10 • securelist.com
Kaspersky researchers uncover a new version of the Shai Hulud npm worm, which is attacking targets in Russia, India, Brazil, China, and other countries, and has wiper features.
https://securelist.com/shai-hulud-2-0/118214/
- Attempts to Bypass CDNs, (Wed, Dec 3rd)
SANS ISC Diary (full) • 2025-12-03 11:31 • isc.sans.edu
Currently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup, DNS is used to point clients to the CDN, and the CDN will then forward the request to the actual web server. There are a number of companies offering services like this, and cloud providers will usually have solutions like this as well.
- Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
The Hacker News • 2025-12-03 10:19 • thehackernews.com
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.
It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” the React Team said in
https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
