News
Vulnerabilities
December 6, 2025
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. [...]
December 5, 2025
Barracuda Application Protection safeguards against critical React and Next.js vulnerabilities
Two critical remote code execution (RCE) vulnerabilities—CVE-2025-55182 and CVE-2025-66478—impact applications built on React and Next.js, enabling attackers to execute arbitrary code without authentication. Barracuda Application Protection, including Barracuda WAF and WAF-as-a-Service, offers automatic safeguards against these threats through real-time signature updates and layered defenses.
December 4, 2025
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code execution on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has been fixed. At this moment, there are no public reports of it being exploited by attackers and no confirmed public PoC exploits (for now). Nevertheless, affected users have been advised to upgrade to a non-vulnerable … The post Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) appeared first on Help Net Security.
December 4, 2025
NCSC's 'Proactive Notifications' warns orgs of flaws in exposed devices
The UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. [...]
December 3, 2025
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments. The post Developers scramble as critical React flaw threatens major apps appeared first on CyberScoop.
December 3, 2025
Patch Management Procedure: Building a Secure and Efficient Update Process
Cyber threats are growing more advanced every year, and unpatched systems remain one of the biggest reasons organizations suffer data breaches. In fact, many attacks rely on known vulnerabilities that could have been prevented with proper updates. That's why having a strong patch management procedure is essential for IT managers, cybersecurity teams, and business leaders.... The post Patch Management Procedure: Building a Secure and Efficient Update Process appeared first on Comodo News and Internet Security Information.
