All topics
Dennis and Lindsey react (!) to the React2Shell vulnerability disclosure and the quick exploitation of it by Chinese threat actors, then discuss the continues intrusions into critical infrastructure by the Salt Typhoon actors and this week’s congressional hearing on telecom network security. Finally, we talk about some upcoming hacker movie episodes, including Die Hard and maybe Home Alone!
All developers using React Server Components are urged to upgrade immediately, and some apps that don’t include React Server Function endpoints could be vulnerable, as well.
That vulnerability (CVE-2025-64446) affects several versions of FortiWeb and CISA has added it to its Known Exploited Vulnerabilities catalog.
This week was a bit of a throwback to olden times, with the disclosure by Amazon threat intelligence of zero days in Cisco and Citrix products that were exploited by an unnamed APT, and Google using legal action to disrupt the Lighthouse phishing service operation. We dig into those two stories, plus we discuss the […]
The chain of discovery began with Amazon's security honeypot service, MadPot, which detected exploitation attempts for the Citrix Bleed Two vulnerability (CVE-2025-5777) before its public disclosure
The important-severity flaw (CVE-2025-62215) has been exploited, said Microsoft.
