The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
The Hacker News

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

Transparent Tribe (APT36) is linked to new cyber-espionage attacks using malicious LNK files, adaptive RATs, and long-term ...
Security Boulevard

Top CVEs of December 2025

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...
CSO Online

Iranian APT Prince of Persia returns with new malware and C2 infrastructure

Once considered dormant, the threat group has been quite active in evolving its techniques and tools, with updated malware for reconnaissance and data exfiltration.
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
Hosted on MSN

Security setting that could keep your files completely safe

ThioJoe explains the critical security setting that can help keep your files protected. Donald Trump’s negative approval rating breaks unwanted record VIDEO: Deadly car chase lawsuit in Lakewood Video ...
Hosted on MSN

Microsoft issues emergency Windows server security patch - update now or risk attack

Microsoft issues emergency patch for a critical WSUS flaw enabling remote code execution CVE-2025-59287 allows unauthenticated attackers to gain SYSTEM privileges without user interaction An ...
TechRepublic

Google Adds AI-Powered Ransomware Protection and Recovery to Drive for Desktop

Google Adds AI-Powered Ransomware Protection and Recovery to Drive for Desktop Your email has been sent Google is deploying an update to Drive for desktop that uses AI to analyze files for abnormal ...
Computerworld

For September, Patch Tuesday means fixes for Windows, Office and SQL Server

This month’s collection of fixes from Microsoft includes 86 patches — but at least there were no zero-day bugs. Microsoft released 86 patches this week with updates for Office, Windows, and SQL Server ...
USA Today

DOGE put Social Security data of millions of Americans at risk, whistleblower says

WASHINGTON ― Personal information of more than 300 million Americans is at risk of being leaked or hacked after employees of the Department of Government Efficiency uploaded a sensitive Social ...
NBC News

DOGE put Social Security numbers and other data on a risky server, whistleblower alleges

The Department of Government Efficiency put the personal data of millions of Americans, including Social Security numbers, on a vulnerable server in June, according to a new whistleblower complaint.
Engadget

Whistleblower claims DOGE uploaded Social Security data to unsecure cloud server

The Social Security Administration’s (SSA) chief data officer, Charles Borges, has filed a whistleblower complaint alleging that members of the Department of Government Efficiency (DOGE) uploaded a ...