IBM Warns of Critical Auth Bypass Bug in API Connect
IBM published updates for the affected versions of API Connect on Jan. 2., and urged organizations to update affected versions as soon as possible.
All topics
Vulnerabilities
32 Posts
Serious MongoDB Flaw CVE-2025-14847 Under Exploitation
MongoDB disclosed the vulnerability (CVE-2025-14847) on Dec. 19 and a few days later, a public exploit for it appeared online.
Russian Targeting of Edge Devices. Cisco AsyncOS Zero Day, and React2Shell Won’t Go Away
As we ease into the holidays, the security news doesn’t stop coming. This week we discuss the research from AWS threat intelligence on Russian adversaries targeting a variety of network edge devices for opportunistic exploitation, then we break down attacks by a Chinese threat actor that target a new zero day in Cisco’s AsyncOS, and finally we discuss the […]
React2Shell, Typhoon Attacks, and Why Our Infrastructure is So Vulnerable
Dennis and Lindsey react (!) to the React2Shell vulnerability disclosure and the quick exploitation of it by Chinese threat actors, then discuss the continues intrusions into critical infrastructure by the Salt Typhoon actors and this week’s congressional hearing on telecom network security. Finally, we talk about some upcoming hacker movie episodes, including Die Hard and maybe Home Alone!
Critical Flaw CVE-2025-55182 Affects React Server Components
All developers using React Server Components are urged to upgrade immediately, and some apps that don’t include React Server Function endpoints could be vulnerable, as well.
Fortinet CVE-2025-64446 Under Active Attack
That vulnerability (CVE-2025-64446) affects several versions of FortiWeb and CISA has added it to its Known Exploited Vulnerabilities catalog.