Sources

Bleeping Computer.

ThreatPost

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

The Cloudflare Blog

Shifting left at enterprise scale: how we manage Cloudflare with Infrastructure as Code

The Cloudflare Blog

Python Workers redux: fast cold starts, packages, and a uv-first workflow

The Cloudflare Blog

Processing 630 Million More Pwned Passwords, Courtesy of the FBI

Troy Hunt

Weekly Update 481

Troy Hunt

Why Does Have I Been Pwned Contain "Fake" Email Addresses?

Troy Hunt

Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities

Rhino Security Labs

CVE-2025-26147: Authenticated RCE In Denodo Scheduler

Rhino Security Labs

New Pacu Module: Secret Enumeration in Elastic Beanstalk

Rhino Security Labs

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Mandiant Threat Intelligence

Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue

Mandiant Threat Intelligence

Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks

Mandiant Threat Intelligence

The Good, the Bad and the Ugly in Cybersecurity – Week 50

SentinelOne Blog

CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains

SentinelOne Blog

Cybersecurity 2026 | The Year Ahead in AI, Adversaries, and Global Change

SentinelOne Blog

Sources

Bleeping Computer.

Beware: PayPal subscriptions abused to send fake purchase emails

CyberVolk’s ransomware debut stumbles on cryptography weakness

Apple fixes two zero-day flaws exploited in 'sophisticated' attacks

WeLiveSecurity

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Reputation matters – even in the ransomware economy

Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity

ThreatPost

Sophos Threat Research

A big finish to 2025 in December’s Patch Tuesday

React2Shell flaw (CVE-2025-55182) exploited for remote code execution

GOLD SALEM tradecraft for deploying Warlock ransomware

The Akamai Blog

Stop Overpaying for East-West Traffic Control: Firewalls vs. Security Groups

CVE-2025-66516: Detecting and Defending Against Apache Tika XXE Attack

How Akamai Is Powering Trust in Tomorrow’s AI-Driven Ecosystem

The Cloudflare Blog

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

Shifting left at enterprise scale: how we manage Cloudflare with Infrastructure as Code

Python Workers redux: fast cold starts, packages, and a uv-first workflow

Troy Hunt

Processing 630 Million More Pwned Passwords, Courtesy of the FBI

Weekly Update 481

Why Does Have I Been Pwned Contain "Fake" Email Addresses?

Rhino Security Labs

Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities

CVE-2025-26147: Authenticated RCE In Denodo Scheduler

New Pacu Module: Secret Enumeration in Elastic Beanstalk

Mandiant Threat Intelligence

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue

Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks

SentinelOne Blog

The Good, the Bad and the Ugly in Cybersecurity – Week 50

CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains

Cybersecurity 2026 | The Year Ahead in AI, Adversaries, and Global Change

Sources

Bleeping Computer.

WeLiveSecurity

ThreatPost

Sophos Threat Research

The Akamai Blog

The Cloudflare Blog

Troy Hunt

Rhino Security Labs

Mandiant Threat Intelligence

SentinelOne Blog

Managed ad