Cybersecurity researchers at Barracuda uncovered GhostFrame, a slick phishing-as-a-service (PhaaS) kit, back in September 2025.
By early December, it powered over a million attacks worldwide. This kit hides its malice in plain sight by loading phishing content via an invisible iframe on a basic...

Hackers have found a way to secretly track users on popular messaging apps like WhatsApp and Signal using delivery receipts. These "silent" receipts let attackers monitor device activity without sending visible notifications.
Silent Probing Mechanics
Attackers send crafted messages, such as reactions to non-existent chats or...

CISA has added CVE-2025-55182, dubbed React2Shell, to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploitation.
This critical remote code execution flaw affects React Server Components and related frameworks.
Vulnerability Overview
React2Shell (CVE-2025-55182) carries a CVSS score of 10.0, enabling unauthenticated attackers to execute...

Cal.com, a popular open-source scheduling platform, faces a critical authentication flaw that allows attackers to bypass password checks by using fake TOTP codes.
Security researcher Emrysal disclosed the issue last week via GitHub Advisory GHSA-9r3w-4j8q-pw98.
Rated critical, it affects versions up to 5.9.7. Users...

Security researchers at JFrog uncovered three critical zero-day flaws in PickleScan, a key tool for detecting malware in Python pickle-based machine learning models, such as those in PyTorch.
These issues let attackers slip past scans and run harmful code when users load tainted models...

Security researchers have released React Server Components Surface Exposure Scanner, a free tool to detect exposed endpoints vulnerable to CVE-2025-55182.
This critical remote code execution (RCE) flaw in React Server Components (RSC) affects Next.js apps using React 19.
With a perfect CVSS score of...