Krebs on Security

The Kimwolf Botnet is Stalking Your Local Network

The security company Synthient currently sees more than 2 million infected Kimwolf devices distributed globally but with ...
Computer Weekly

Sonatype CEO on self-service: The vulnerability data gap undermining AI-driven development

Increasingly, self-service tools and internal developer platforms (IDPs) are configured to make critical decisions, but ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
The Hacker News

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...
eWeek

This AI Tool Can Plan and Execute Penetration Tests on Its Own

An AI-powered penetration testing tool is automating offensive cybersecurity, accelerating vulnerability discovery and ...
InfoWorld

Critical vulnerability in IBM API Connect could allow authentication bypass

Rated 9.8 out of 10 in severity, the flaw could allow a remote attacker to gain unauthorized access to applications.
Tech Critter

Aikido vs SonarQube: Code Quality vs Full-Stack Application Security

Writing clean, bug-free code is a point of pride for any developer. For decades, tools that measure code quality have been a ...

US and Australian agencies warn MongoBleed vulnerability in MongoDB is under active exploitation

US and Australian agencies warn MongoBleed vulnerability in MongoDB is under active exploitation - SiliconANGLE ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
The Hacker News

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

AI-driven attacks leaked 23.77 million secrets in 2024, revealing that NIST, ISO, and CIS frameworks lack coverage for ...