Introduction In the rapidly evolving landscape of cloud-native development, the React Server Components (RSC) feature has emerged as a powerful tool for building high-performance applications. However, a newly disclosed vulnerability, CVE-2025-55182, commonly referred to as “React2Shell,”
Author: Tudorel Iancu
Array AG Gateways Command Injection Exploitation Confirmed
Executive Summary On 2025-12-08, CyberHunter_NL released a threat report titled JPCERT Confirms Active Command Injection Attacks on Array AG Gateways. The alert, issued by JPCERT/CC, confirms that a previously unassigned command‑injection vulnerability in Array Networks’ AG
Zero Day Exploits Continue Prolific
On December 4, 2025, AlienVault released a new threat report titled Prolific Zero-Day Exploits Continue. The report details the ongoing activities of the cyber‑espionage group Intellexa, which has continued to develop, sell, and deploy zero‑day vulnerabilities
Malicious VSCode Extension Triggers Multi Stage Attack Using Anivia Loader and OctoRAT
Threat Overview In late December 2025, security researchers uncovered a sophisticated supply‑chain attack that leveraged the Visual Studio Code ecosystem to deliver a multi‑stage malware payload. The attack was initiated through a seemingly innocuous extension named
DNS Reveals SSO Attack Infrastructure
In a recent intelligence briefing released on December 3, 2025, the security community was alerted to a sophisticated campaign that leverages the open‑source Evilginx 3.0 framework to compromise single sign‑on (SSO) services across higher‑education institutions in
Arkanix Stealer New Profit Malware
Arkanix Stealer: New Profit Malware In the rapidly evolving landscape of cybercrime, a new threat has emerged that underscores the ease with which attackers can launch profitable operations. The Arkanix Stealer, first reported by AlienVault on
AI LLMs Dual Use Dilemma
Threat Overview Large language models (LLMs) have become a double‑edged sword in the cyber‑security arena. While they enable unprecedented automation, creativity, and efficiency, they also lower the barrier for malicious actors to design, prototype, and deploy
Holiday Fake Stores Exploit Black Friday Sales
In the latest intelligence update released by AlienVault on 27 November 2025, security researchers uncovered a sprawling network of more than 2,000 counterfeit e‑commerce sites that have been engineered to prey on consumers during the peak
NTLM Abuse in 2025 Cyberattacks
NTLM Abuse in 2025 Cyberattacks: Threat Overview In late 2025, a comprehensive threat report was released by AlienVault detailing the continued exploitation of the NTLM authentication protocol in Windows environments. Despite being a legacy protocol, NTLM
Water APT Multi Stage Attack Uncovered
Executive Summary On 26 November 2025, AlienVault released a comprehensive threat report titled "Water APT Multi-Stage Attack Uncovered". The report dissects a sophisticated, multi-stage intrusion campaign attributed to the Water Gamayun APT group. The campaign demonstrates