12/5-7/2025

~ The Cyber Beat
China-Linked Warp Panda Targets North American Firms in Espionage Campaign

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

React2Shell Flaw Exploited to Breach 30 Orgs, 77K IP Addresses Vulnerable

Cloudflare Restores Services After Minor Dashboard Outage

Cloudflare Blames Today’s Outage on react2shell Mitigations

Krebs: SMS Phishers Pivot to Points, Taxes, Fake Retailers

Krebs: Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

Crims Using Social Media Images, Videos in ‘Virtual Kidnapping’ Scams

Louvre to Bolster Its Security, Issues €57m Public Tender

Portugal Updates Cybercrime Law to Exempt Security Researchers

Maryland Man Sentenced for N. Korea IT Worker Scheme Involving U.S. Government Contracts

EU Fines X $140 Million Over Deceptive Blue Checkmarks

SolarWinds’ Tim Brown Escaped the SEC. Future Cyber Chiefs Might Not.		Pharma Firm Inotiv Discloses Data Breach After Ransomware Attack

Barts Health NHS Discloses Data Breach After Oracle Zero-Day Hack

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

New Wave of VPN Login Attempts Targets Palo Alto GlobalProtect Portals

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Novel Clickjacking Attack Relies on CSS and SVG

Hackers are Exploiting ArrayOS AG VPN Flaw to Plant Webshells

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

NCSC’s ‘Proactive Notifications’ Warns Orgs of Flaws in Exposed Devices

Death to One-Time Text Codes: Passkeys Are the New Hotness in MFA

A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

Published by The Cyber Beat

Leave a Reply