Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-31 07:00 PST
- RondoDox botnet exploits React2Shell flaw to breach Next.js servers
BleepingComputer • 2025-12-31 06:58 • www.bleepingcomputer.com
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. […]
https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/
- IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
The Hacker News • 2025-12-31 05:37 • thehackernews.com
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain
https://thehackernews.com/2025/12/ibm-warns-of-critical-api-connect-bug.html
- Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
The Hacker News • 2025-12-31 05:29 • thehackernews.com
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month.
The npm package that embeds the novel Shai Hulud strain is “@vietmoney/react-big-calendar,” which was uploaded to npm back in March 2021 by a user named “hoquocdat.” It was updated for the first time on
https://thehackernews.com/2025/12/researchers-spot-modified-shai-hulud.html
- LinkedIn Job Scams
Schneier on Security • 2025-12-31 04:03 • www.schneier.com
Interesting article on the variety of LinkedIn job scams around the world:
In India, tech jobs are used as bait because the industry employs millions of people and offers high-paying roles. In Kenya, the recruitment industry is largely unorganized, so scamsters leverage fake personal referrals. In Mexico, bad actors capitalize on the informal nature of the job economy by advertising fake formal roles that carry a promise of security. In Nigeria, scamsters often manage to get LinkedIn users to share their lo…
https://www.schneier.com/blog/archives/2025/12/linkedin-job-scams.html
- IBM warns of critical API Connect auth bypass vulnerability
BleepingComputer • 2025-12-31 02:34 • www.bleepingcomputer.com
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. […]
https://www.bleepingcomputer.com/news/security/ibm-warns-of-critical-api-connect-auth-bypass-vulnerability/
- Disney will pay $10 million to settle children's data privacy lawsuit
BleepingComputer • 2025-12-31 01:43 • www.bleepingcomputer.com
Disney has agreed to pay a $10 million civil penalty to settle claims that it violated the Children’s Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. […]
https://www.bleepingcomputer.com/news/security/disney-will-pay-10m-to-settle-claims-of-childrens-privacy-violations-on-youtube/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
