RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...
Cryptopolitan on MSN

Unleash Protocol hacker routes most of $3.9M bounty to Tornado Cash

Unleash Protocol saw unauthorized withdrawals based on its decentralized governance mechanism. Losses are estimated at $3.9M, with a big part of the funds already mixed through Tornado Cash.

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

NYT Strands hints, answers for January 1, 2026

Today's NYT Strands hints are easy if you love a good cup of joe.