Today we’re covering two cybercrime research stories: Tune in to this story on Spotify, Apple Podcasts, YouTube (below), and/or keep reading this article for the highlights. We also have instructions for a giveaway in the video episode for CTF players who would like another shot at unlocking a shirt from a past challenge… React2Shell (CVE-2025-55182) […] The post Winter CTF Giveaway?!, React2Shell (CVE-2025-55182), and Gamers are a Major Infostealer Malware Target appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Could you triage an alert on the spot? Join us for a free one-hour BHIS webcast with SOC Analyst Tom Dejong and learn why alert triage is a crucial skill for every SOC analyst. Tom will teach you the basics of triage, including alert anatomy, how to separate real threats from noise, and when to escalate or close an alert. You’ll also learn documentation best practices, common mistakes to avoid, and tips for strengthening your soft skills. This webcast is ideal for anyone starting out in a SOC or looking to sharpen their foundational skills. Chat with your fellow attendees in the Antisyphon Discord server: https://discord.gg/bhis in the #🔴live-chat channel

Automated password rotation helps protect both cloud and on-premises environments from unauthorized access and credential compromise by reducing the risk associated with exposed credentials. Suspicious or unrecognized login attempts may indicate stolen credentials, compromised accounts, or malicious insider activity. By proactively managing credentials and monitoring authentication events, organizations reduce the risk of insider threats while […] The post Automated password rotation with Wazuh and Shuffle appeared first on Wazuh.

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards? The post How to Set Smart Goals (That Actually Work For You) appeared first on Black Hills Information Security, Inc..

Today we’re covering two cybercrime stories: Leaky Weekly is taking a break this week and Nick spoke with Simply Cyber – Gerald Auger, PhD for 2025 Cybercrime Wrapped:   Keep reading for current events in cybercrime.  Cyber Practitioners Living Double Lives as Ransomware Collaborators Two cybersecurity professionals have been indicted in Florida earlier this month for […] The post Cyber Practitioners Doubling as Ransomware Collaborators, Russian Infostealer Developers Arrested appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Everything you need to know about npm compromises from Shai-Hulud’s latest campaign, including detection and prevention guidance

Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities. The post Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite appeared first on Unit 42.

In this post, we investigate a recent phishing campaign that targets Microsoft 365 users.

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available packages, targeting developer environments, continuous integration and continuous delivery (CI/CD) pipelines, and cloud-connected workloads to harvest credentials and configuration secrets. The Shai‑Hulud 2. The post Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack appeared first on Microsoft Security Blog.

We peel back the layers on a threat involving an adversary who brought their own VM into an environment following aggressive spam bombing.

01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks. The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42.

Password reuse is common in Active Directory (AD). From an attacker’s perspective, it is a reliable path to lateral movement or privilege escalation. Most IT teams recognize the risk, but longer passwords and password…

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

By Flare Research React2Shell is a newly disclosed vulnerability (CVE-2025-55182) that has exposed a critical flaw at the core of React Server Components (RSC), enabling unauthenticated remote code execution (RCE) in applications using React 19 and frameworks built on top of RSC, most notably Next.js. Current telemetry suggests that more than 1.4 million publicly accessible […] The post React2Shell (CVE-2025-55182): A Critical RCE in React Server Components appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors. The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42.

By Assaf Morag, Cybersecurity Researcher  The SessionReaper vulnerability (CVE-2025-54236), recently added to the CISA Known Exploitable Vulnerabilities (KEV) index, has rapidly become a dangerous threat facing Adobe Commerce and Magento merchants worldwide. While many publications focus on the technical flaw and its surface-level exploitation, we’ll take a different approach and dive into the cybercrime ecosystem […] The post SessionReaper (CVE-2025-54236) Discussions on the Dark Web and Telegram appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Join Kent Ickler and Jordan Drysdale (Security Consultants and Penetration Testers) for a free one-hour BHIS webcast and demo session on ARM templates, building lab environments that includes tool installations, and finally, live demos of as many pentest tools as possible in an hour. They have far more information than can be covered in an hour, so a PDF with additional instructions and details will be provided to all attendees. If you want this webcast to be more hands-on, pre-configure a pay-as-you-go Azure account. Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

Home Alone 2 offers some some sage wisdom about cloud security. Here's what defenders can learn from Kevin McCallister.

We discuss the CVSS 10.0-rated RCE vulnerabilities in the Flight protocol used by React Server Components. These are tracked as CVE-2025-55182 and CVE-2025-55182-66478. The post Critical Vulnerabilities in React Server Components and Next.js appeared first on Unit 42.

Learn more about the CVE-2025-55182 vulnerability affecting React Server Components and affecting Next.js.

The TrustedSec PMA is a tactical approach to evaluating the components, efficiency, and overall maturity of an organization’s Information Security program.Unlike a traditional compliance audit, the PMA is designed as a…

What happens when you ditch the tiered ticket queues and replace them with collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which is where analysts don’t escalate tickets, they solve them. The post Inside the BHIS SOC: A Conversation with Hayden Covington  appeared first on Black Hills Information Security, Inc..

Neo is a cloud-based AI security engineer that works alongside your team and takes on real security tasks like a true co-engineer. As it operates, it continuously learns your systems and processes, improving over time just like an engineer ramping up on your team. Neo is built as a framework, not as a black box. It combines the reasoning of large language models with purpose-built execution tools, isolated sandboxes, a memory layer that learns your code, architecture and naming, and deep integr