AWS Blog Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps....
Security Articles
Updated 10 min ago · 92 articles
What is Base64? A Deep Dive for Developers
Every developer has seen those long strings of random-looking characters — something like SGVsbG8gV29ybGQ= — and wondered what on earth they are. That's Base...
I stopped paying for third-party antivirus 14 years ago—here's how I keep Windows secure without it
Paid antivirus? In this economy?
Drift says $270 million exploit was a six-month North Korean intelligence operation
Attackers posed as a trading firm, met Drift contributors in person across multiple countries, deposited $1 million of their own capital, and waited half a y...
Google's Quantum Warning: Crypto Threat Closer Than Expected video
Google just warned that quantum computers could start breaking the complex encryption protecting cryptocurrencies much easier and sooner than expected.
The Hack That Exposed Syria’s Sweeping Security Failures
When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most...
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads...
Material Security
My thanks to Material Security for sponsoring this week at DF. Most security teams don’t have a talent problem, they have a noise problem. Manual phishing re...
Ad
Meta freezes AI data work after breach puts training secrets at risk
In short: Meta has suspended its collaboration with Mercor, a $10 billion AI data startup, after a supply chain attack exposed what may be the AI industry’s ...
OCSF explained: The shared data language security teams have been missing
The security industry has spent the last year talking about models, copilots, and agents, but a quieter shift is happening one layer below all of that: Vendo...
Ireland is testing out a digital wallet that conducts age verification for social media users
Before it's publicly available later this year, the Irish government is trialing its Government Digital Wallet, which includes a way to verify a user's age t...
New Rowhammer attack can grant kernel-level control on Nvidia workstation GPUs
A study from researchers at UNC Chapel Hill and Georgia Tech shows that GDDR6-based Rowhammer attacks can grant kernel-level access to Linux systems equipped...
Loading...
All 92 articles loaded