Sanctioned Intellexa Continues to Deploy Multiple Mobile Zero-Day Exploits
TL;DR Google's Threat Intelligence Group reports that Intellexa, despite US sanctions, remains an active commercial spyware vendor exploiting numerous mobile…
Multiple Threat Actors Exploiting React2Shell (CVE-2025-55182)
TL;DR A critical unauthenticated RCE in React Server Components, CVE-2025-55182 (React2Shell), was disclosed Dec. 3, 2025 and quickly saw widespread…
Microsoft fixes 60+ Windows vulnerabilities in November Patch Tuesday, including zero-day
TL;DR Microsoft released fixes for more than 60 vulnerabilities across Windows and related products in the November Patch Tuesday cycle,…
Mozilla Ends Monitor Plus Ties to Onerep, Service Closing Dec. 17, 2025
TL;DR Mozilla said it will discontinue Monitor Plus — its paid data-broker scanning and removal offering that used Onerep —…
Are Android TV Streaming Boxes Being Recruited into Botnets?
TL;DR Security researchers examining Superbox Android TV-style streaming devices found software that replaces Google Play with an unofficial app store…
Meet Rey, the Teen Admin Behind Scattered LAPSUS$ Hunters Ransom Group
TL;DR A core operator known as 'Rey' has been identified as an administrator of the Scattered LAPSUS$ Hunters ransomware and…
SMS Phishers Shift Tactics: Points, Tax Refunds and Fake Shops
TL;DR Security researchers say China-based phishing groups have expanded SMS scams to include offers of rewards points, tax refunds and…
How a $25M Essay-Mill Network Connects to Russia’s Synergy University
TL;DR An international essay- and homework-writing network operating under “Nerdy” brands has generated nearly $25 million and repeatedly used Google…
Microsoft Patch Tuesday December 2025: 56 Fixes Including One Zero‑Day
TL;DR Microsoft released December Patch Tuesday updates addressing 56 security flaws, including a zero‑day privilege escalation and two publicly disclosed…
Most Parked and Typosquatting Domains Now Redirect Visitors to Malware
TL;DR A study by security firm Infoblox finds that over 90% of parked and typosquatting domains now lead visitors to…