Skip to content
[email protected] (The Hacker News) Page 93

[email protected] (The Hacker News)

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Dec 05, 2025Ravie LakshmananEmail Security / Threat Research A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google… 

Read More »Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Dec 05, 2025Ravie LakshmananApplication Security / Vulnerability A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated… 

Read More »Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.… 

Read More »Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware,… 

Read More »Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to… 

Read More »CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

Dec 05, 2025Ravie LakshmananVulnerability / Network Security A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC… 

Read More »JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages… 

Read More »Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China