December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

Flow Foundation has entered phase two of its recovery after a $3.9 million exploit hit the network on December 27, 2025.

Flow updated users this week on the progress on its remediation plan following a December exploit, but also called out one ...

A controversy is swirling at a Texas university. The trigger? A flowchart. On Dec. 1, the new chancellor of the Texas Tech University system sent professors a diagram laying out a chain of approval ...

Security researchers at Sysdig have observed new campaigns exploiting React2Shell which appear to have the hallmarks of North Korean hackers. React2Shell is a remote code execution vulnerability in ...

Windows doesn’t offer a single switch to disable Exploit Protection completely. You can only disable individual mitigations system-wide or per app. We strongly recommend turning it off only for ...

Update Nov. 3, 10:42 am UTC: This article has been updated to include a section on Berachain’s emergency hard fork. Update Nov. 3, 9:47 am UTC: This article has been updated to add the latest figures, ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Admit it: the first thing you think of when ransomware is ...

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...

A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes seemingly benign image files to conceal ...