Search the Portal

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an

A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an

Other noteworthy stories that might have slipped under the radar: Akamai patches HTTP smuggling vulnerability, Claude Skills used to execute ransomware, PickleScan flaws. The post In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor appeared first on SecurityWeek.

The critical React vulnerability has been exploited in the wild by Chinese and other threat actors. The post Cloudflare Outage Caused by React2Shell Mitigations appeared first on SecurityWeek.

The cybersecurity startup detects impersonation risk in real-time, across video, phone, and chat communication. The post Imper.ai Emerges From Stealth Mode With $28 Million in Funding appeared first on SecurityWeek.

Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations. The post US Organizations Warned of Chinese Malware Used for Long-Term Persistence appeared first on SecurityWeek.

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1. According

A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a "Predator attack attempt based on the technical behaviour of the infection

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created ”Getting to Yes”: An Anti-Sales Guide for MSPs. This guide helps service providers transform resistance into trust and

The startup will invest in expanding its engineering and research teams, deepening product integrations, and scaling go-to-market efforts. The post Lumia Security Raises $18 Million for AI Security and Governance appeared first on SecurityWeek.

Cloudflare recently mitigated a new record-breaking Aisuru attack that peaked at 14.1 Bpps. The post Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps appeared first on SecurityWeek.

Helmet Security has built an end-to-end platform that secures the infrastructure for agentic AI communication. The post Helmet Security Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek.