From The Aether
React2Shell Chaos: Chinese Hackers Run Amok with JavaScript Mayhem!
Five more Chinese hacking groups have joined the React2Shell party. The flaw, tracked as CVE-2025-55182, affects React and Next.js applications, allowing attackers to execute arbitrary code. The Google Threat Intelligence Group identified additional groups exploiting this vulnerability, proving once again that cyber-espionage is a global team sport.
Hackers on the Loose: Critical Software Flaws You Must Patch Now!
Apple and Google release fixes for actively exploited flaws. Hackers are taking advantage of vulnerabilities faster than you can say “software update.” Make sure to install the latest patches for your devices—because nothing ruins a day like a maliciously crafted web page executing arbitrary code. Stay secure, folks!
Ashen Lepus Strikes Again: Middle East Governments Beware of Sneaky AshTag Malware!
Ashen Lepus, linked to Hamas, is actively using AshTag malware to target Middle Eastern governments. They lure victims with fake geopolitical reports, leading to stealthy data theft via a clever attack chain. Despite geopolitical tensions, their espionage remains relentless, urging vigilance from regional organizations against this evolving cyber threat.
ECB’s Messaging Delay Costs Bank of England £23M: A Comedy of Currency Errors
The Bank of England’s Real-Time Gross Settlement system upgrade cost £23 million extra due to the European Central Bank’s decision to delay its messaging overhaul. The unplanned expense was like buying a used car only to discover it needs a new engine and tires to boot.
Jaguar Land Rover Cyberattack: A £2 Billion Bumpy Ride for UK Economy!
Jaguar Land Rover’s cyber raid not only stopped production but also swiped payroll data. The breach, one of the priciest in UK history, exposed sensitive employee details. JLR urges employees to stay vigilant despite no misuse evidence yet. The attack cost JLR £1.5 billion in sales and impacts the UK economy significantly.
Soverli Secures $2.6M to Revolutionize Smartphone Security: A New Era of Digital Fortification
Soverli raises $2.6 million in pre-seed funding to develop a sovereign smartphone platform. It allows users to switch to a secure OS with one button, even if Android or iOS is compromised. No hardware mods needed—just pure security magic with zero impact on your scrolling addiction. Soverli aims to redefine smartphone security.
Credit Crunch: 700Credit Data Breach Exposes 5.6 Million Identities!
700Credit, a U.S. fintech company, had a data breach exposing personal data of at least 5.6 million people. While the breach has been reported to authorities, affected consumers are urged to stay vigilant, use credit monitoring, and watch out for phishing scams. So, if you get a letter from 700Credit, don’t just file it under…
Coupang Catastrophe: CEO Resigns as Data Breach Chaos Unfolds
Coupang’s CEO Park Dae-jun resigned after a data breach affected 33.7 million customer accounts, a number close to two-thirds of South Korea’s population. Harold Rogers steps in as interim CEO to manage the crisis. Meanwhile, the police and privacy watchdogs intensify their investigations, leaving no stone unturned—or unbreached.
Atlassian’s Patch Party: Squashing 30 Bugs, Including Critical Flaws!
Atlassian has released patches for around 30 vulnerabilities, including critical-severity flaws in products like Confluence and Jira. Among them is a catastrophic XML External Entity (XXE) injection bug with a perfect 10/10 CVSS score. Users should apply these fixes immediately to avoid turning their systems into a tech horror show.
Asahi Brews Cybersecurity Storm: Ransomware Hangover Spurs Major Overhaul
Asahi Group Holdings is brewing up a cybersecurity storm after a ransomware attack spilled the personal data of two million people. CEO Atsushi Katsuki is elevating cybersecurity to a top priority, considering a dedicated unit, and ditching VPNs for a zero-trust model. Cheers to safer sips!
French Ministry Faces Cyber Fiasco: Email Servers Hacked in Digital Intrigue
The French Ministry of the Interior was breached in a cyberattack, with hackers gaining access to email servers and some documents. Interior Minister Laurent Nuñez suspects foreign interference, activist mischief, or cybercrime. France has tightened security and launched an investigation, while hackers presumably celebrate with croissants and questionable motives.
Zero Day Mayhem: Apple and Google Race to Patch Exploits Amid Sophisticated Attacks
Apple and Google have rushed out emergency patches to fix zero-day bugs actively exploited in sophisticated attacks. While details are sparse, both companies confirm the fixes address urgent vulnerabilities. Users are advised to patch first, ask questions later, because when it comes to cybersecurity, curiosity might actually kill the cat—or your data!
Fantasy Fraudster: Snoopy’s $600K Bet Lands Him in Hot Water!
Nathan Austad, aka ‘Snoopy’, is the third mastermind to plead guilty in a credential stuffing attack against a fantasy sports site. Hacking 60,000 accounts, he drained wallets faster than a shopaholic at a shoe sale. Austad now faces up to five years in prison for his role in the DraftKings hacks.
Wi-Fi Woes: CERT-FR’s “Off” Switch Solution to Cyber Snafus!
CERT-FR suggests completely deactivating Wi-Fi when not in use to dodge cyber attacks. It’s like telling your phone to take a nap: conserve energy, avoid unwanted guests, and wake up refreshed! Avoid public networks, disable auto-connect, and use a VPN. Because who wants a side of spyware with their Wi-Fi?
Denmark’s VPN Crackdown: A Comedy of Errors or Censorship in Disguise?
The Danish government is mulling laws that could restrict VPN use, sparking fears of censorship over safety. While not an outright ban, privacy activists argue the move targets legitimate tools under the guise of copyright enforcement. Meanwhile, officials insist it’s merely a modest proposal to combat illegal streaming.
Post Office Data Breach: When a “Whoops!” Trumps Accountability
The Post Office dodged a fine for a data breach impacting over 500 wrongfully convicted workers, earning a mere slap on the wrist from the ICO. Critics argue this leniency sends the wrong message, suggesting public agencies might escape unscathed after data breaches, leaving cybersecurity experts calling for stronger protocols.
UK Businesses’ Cybersecurity Comedy: Only 3% Have Got the Memo!
UK government security experts urge businesses to prioritize supply chain security with a new playbook. The Cyber Essentials scheme, combined with the Supplier Check tool, offers a robust assurance mechanism. Yet, despite its benefits, Cyber Essentials uptake remains low, with awareness sinking to just 12%—almost as elusive as a good parking spot in London.
Russia’s Cybersecurity Crisis: A Comedy of Phishing Errors and Phantom Stealers
Operation MoneyMount-ISO is hitting Russian finance and accounting sectors with phishing emails that deliver the Phantom Stealer malware through malicious ISO images. The campaign uses a fake payment confirmation to lure victims. This sneaky operation is like a digital heist, but with fewer ski masks and more virtual CD drives!
React2Shell Shock: Massive React Vulnerability Puts 110,000 US Services at Risk!
React2Shell has taken the web by storm, but not the good kind. This new vulnerability, CVE-2025-55182, is like the magician of the cyber world, making security vanish with a mere payload. With 110,000 services exposed in the US alone, it’s clear this bug is more popular than a cat video marathon.
From ZX Spectrum to Cyber Saviors: UK’s Hackers Turn Ethical
In 1983, four young British hackers unintentionally paved the way for the Computer Misuse Act. Their playful antics on outdated computers led to a legal revolution, proving that even a ZX Spectrum can spark change. Now, as cybercrime escalates, it’s time for ethical hacking to become a national obsession. God bless the United Kingdom’s lawmakers.
