CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
The Hacker News

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

CISA adds an actively exploited Digiever DS-2105 Pro NVR vulnerability to KEV, warning of botnet attacks and urging ...
CoinDesk

Polymarket points to third-party login tool after users report account breaches

The platform attributed the incident to a third-party login provider, which several users speculated was Magic Labs, a ...

Home Depot exposed access to internal systems for a year, says researcher

A security researcher tried to alert Home Depot to the security lapse exposing its back-end GitHub source code repos and other internal cloud systems, but was ignored.
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...
Computerworld

More work for admins as Google patches latest zero-day Chrome vulnerability

For the third time in recent months, Google has found itself scrambling to fix a potentially serious zero-day flaw in the Chrome browser’s V8 JavaScript engine. Addressed on Monday as part of an ...
Bleeping Computer

DoorDash email spoofing vulnerability sparks messy disclosure dispute

A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from company's authorized servers, paving a near-perfect phishing channel. DoorDash has now ...
9to5google

These are the new Google Photos and Maps icons with a gradient redesign

Following the ‘G’ and Gemini icons, Google is updating its logos for the AI era. Here’s a sneak peek at the new gradient icons for Google Photos and Maps. In May, the Google (Search) app got a new ...
Homeland Security Today

CYBERSECURITY’S TRUST DEFICIT: Why We Need Responsible Transparency

The cybersecurity industry has a major trust problem. While demanding visibility from customers about their networks, applications and threats, security providers often operate their own businesses ...
CoinTelegraph

Unity Android flaw could drain gamers’ crypto wallets: How to protect yourself

The Unity gaming platform is quietly rolling out a fix for a vulnerability that allows third-party code to run in Android-based mobile games, which can potentially target mobile crypto wallets, ...
Network World

New Supermicro BMC vulnerabilities open servers to malicious attacks on firmware

Researchers have published details of two new flaws in Supermicro baseband management controller (BMC) firmware that hint at deeper weaknesses in the way the company currently secures this type of low ...
Wired

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security ...