Bleeping Computer

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...
GamesRadar+

New PS5 and PS4 jailbreak exploits trigger a 1,000% surge in prices for an obscure remaster of the 24-year-old Star Wars Racer Revenge, with copies reaching $300

There have been a variety of developments in the PS5 hacking scene over the past handful of days, and it's all pointing to a happy new year for jailbreakers – and owners of the disc edition of Star ...
CSO Online

CISA flags max-severity bug in HPE OneView amid active exploitation

The flaw allows remote code execution via a public REST API, giving attackers a direct path to compromise enterprise ...
The New York Times

How Russia’s War Machine Brutalizes and Exploits Its Own Soldiers

In hundreds of official complaints, inadvertently posted online by the Russian government, soldiers and their loved ones describe a lawless and violent military apparatus that abuses its own troops to ...
Bleeping Computer

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. API Connect is an application ...
Fox News

Apple patches two zero-day flaws used in targeted attacks

Apple has released emergency security updates to fix two zero-day vulnerabilities that attackers actively exploited in highly targeted attacks. The company described the activity as an "extremely ...