Cybercrime
-
JPCERT/CC confirms active exploitation of command injection in Array AG gateways
JPCERT/CC says a command injection vulnerability in Array Networks AG Series gateways has been exploited since August 2025 to drop web shells. Array fixed the flaw in May, and users are urged to apply ArrayOS 9.4.5.9 or, if they cannot patch immediately, to disable DesktopDirect and block URLs containing semicolons.
-
Silver Fox uses fake Microsoft Teams installers in false-flag ValleyRAT campaign
Security researchers report that the Silver Fox group has run an SEO poisoning campaign since November 2025 that uses fake Microsoft Teams installers to deliver ValleyRAT to organisations in China; technical analysis from ReliaQuest and Nextron Systems details layered infection chains, false-flag indicators and the use of vulnerable drivers.
-
U.S. to release six-part national cybersecurity strategy in January, sources say
Sources say the Trump administration plans to release a five-page, six-pillar national cybersecurity strategy in January, emphasizing deterrence, workforce, procurement, infrastructure and emerging technologies; an executive order and exact timing remain unconfirmed.
-
GoldFactory modifies banking apps to spread Android remote-access trojans across Southeast Asia, Group-IB reports
Group-IB said GoldFactory has been distributing modified banking apps across Thailand, Vietnam and Indonesia to deploy Android remote-access trojans that abuse accessibility services, and researchers uncovered a pre-release variant called Gigaflower with advanced data-extraction features.
-
Cloudflare mitigates 29.7 Tbps DDoS attack linked to AISURU botnet
Cloudflare said it mitigated a 29.7 Tbps DDoS attack linked to the AISURU botnet; the UDP “carpet-bombing” assault lasted 69 seconds, the target was not disclosed, and the company flagged a rise in large, sophisticated attacks in 2025.
-
Leroy Merlin notifies French customers after data breach
Leroy Merlin has notified customers in France that personal data including names, contact details, postal addresses, dates of birth and loyalty information were exposed in a cyberattack; the company said banking data and passwords were not affected and that it has taken steps to contain the incident.
-
Freedom Mobile discloses breach after subcontractor account used to access customer data
Freedom Mobile said attackers used a subcontractor’s account to access its customer account management platform, exposing names, addresses, dates of birth, phone numbers and account numbers; the company detected the breach on October 23 and has not disclosed the number of affected customers.
-
Critical privilege-escalation flaw in King Addons plugin under active exploitation
A critical privilege-escalation vulnerability (CVE-2025-8489, CVSS 9.8) in the King Addons for Elementor WordPress plugin is being actively exploited; administrators should update to version 51.1.35, audit for suspicious admin users, and monitor for unusual activity.
-
Water Saci campaign in Brazil uses WhatsApp worm, HTA and Python to deliver banking trojan; RelayNFC Android malware also active
Researchers say the Water Saci group has adopted a layered HTA/PDF/WhatsApp Web worm and a Python-based propagation script to deliver an AutoIt-backed banking trojan in Brazil, while a separate RelayNFC Android threat targets contactless payments.










