Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims
Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.
Advertisement
greynoise
Attackers hit React defect as researchers quibble over proof
A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.
CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe
The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.
GreyNoise’s Andrew Morris on using AI to find zero-days
Andrew Morris, founder and chief architect of GreyNoise
CISA to brief critical infrastructure companies about urgent new Log4j vulnerability
Log4j is a widely-used open-source logging tool popular in apps including Minecraft, Apple Cloud, Cloudflare and Twitter.
Advertisement
A Department of Defense bulletin on a ‘leaking’ sinkhole has baffled cybersecurity experts
Sinkholes don't leak. So why does a small DOD agency say a Chinese hacking group is using one to steal data?
Someone is spoofing big bank IP addresses – possibly to embarrass security vendors
The large-scale effort is duping people into thinking that the IP addresses are malicious.
Securiosity: The world is hacked
Operations around the world were unearthed this week. Brazil, India, Iran, Ukraine...you name the country, and we will tell you the infosec issue.