CSO Online

RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments

Researchers found that .env files inside cloned repositories could be used to change the Codex CLI home directory path and ...
InfoWorld

AI-assisted software development with Amazon Q Developer

Amazon Q Developer is a useful AI-powered coding assistant with chat, CLI, Model Context Protocol and agent support, and AWS ...
The Hacker News

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

Critical React Server Components flaw (CVE-2025-55182) fuels automated attacks dropping miners and multiple new Linux malware ...
The Hacker News

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting ...

Cloudflare blames Friday outage on borked fix for React2shell vuln

Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, ...

Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks

The Chinese are not the only ones exploiting React2Shell, a maximum-severity vulnerability that was recently discovered in ...
WeLiveSecurity

MuddyWater: Snakes by the riverbank

MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook.

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

Microsoft has silently mitigated a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime ...
Developer Tech

OpenAI Codex CLI patch closes major supply chain vulnerability

A major supply chain vulnerability in the OpenAI Codex CLI has been patched after discovery by Check Point Research.
Infosecurity Magazine

React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean ...
GovInfoSecurity

Zero Day: 700 Instances of Self-Hosted Git Service Exploited

An attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self ...

Trump says US has seized an oil tanker off the coast of Venezuela. See highlights from Wednesday.

It’s the Trump administration’s latest push to increase pressure on Venezuelan President Nicolás Maduro, who has been charged ...