CVSS 10.0 RCE in React Server Components
A 10.0 CVSS flaw in React and Next.js which allows remote code execution is actively exploited. Update as soon as possible.
Read MoreWindows 11 Updates Hides Password Sign In Option
Recent Windows 11 updates hide the password icon on the lock screen, but Microsoft says users can still log in by clicking the invisible button where the icon should be.
Read MoreNew Android Banking Malware Reads Encrypted Chats After Message Decryption
Researchers have uncovered Sturnus, a new Android trojan malware that reads encrypted messaging app content and remotely controls devices. Early targets have been European banking users, but larger scale attacks are likely to come.
Read MoreMicrosoft Teams Flaws Allowed Message Spoofing And Executive Impersonation
Four now-patched Microsoft Teams vulnerabilities let attackers spoof executives, edit messages without the edit tag, and forge caller identities.
Read MoreRecent Email and Business-Filing Scams Target Wyoming Organizations
A recent email-account hijack and a fake Wyoming Secretary of State filing notice show how convincing modern scams can be.
Read MoreAmazon Attributes AWS Disruption to Race Condition in DNS Automation
Amazon says a race condition in DynamoDB’s DNS automation caused the us-east-1 outage, with knock-on effects to multiple AWS services; the issue has since been resolved, and services are up and running.
Read MoreMicrosoft Patches 9.9-Rated ASP.NET Core Request-Smuggling Flaw
Microsoft fixed CVE-2025-55315, a Kestrel request-smuggling bug rated 9.9 (Critical). Updates for ASP.NET Core and Visual Studio are available; admins should patch and restart affected apps.
Read MorePSA: Discord Says Third-Party Support Breach Exposed ~70k Users’ Government IDs; Hackers claim 2.1M
Discord confirms a third-party support breach and says ~70k users’ ID photos may have been exposed; hackers claim 2.1M, as while as totals of 5.5M users and 1.6TB of data.
Read MoreWindows 10 Support Ends October 14, What Can I Do?
Windows 10 support ends October 14, 2025. One extra year of security updates is available via ESU.
Read MoreFake AI CAPTCHA Pages Used to Bypass Phishing Defenses
Researchers warn that fake CAPTCHA pages generated on AI-native platforms are helping phishing sites evade scanners and trick users into surrendering credentials.
Read More