Critical Next.js Vulnerability in Hacker Crosshairs

Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.

The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek.

SecurityWeek – ​Read More

Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security.
Atlantis AIO “has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession,” the cybersecurity company said in an analysis.
Credential stuffing is a

The Hacker News – ​Read More

Public-Private Ops Net Big Wins Against African Cybercrime

Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.

darkreading – ​Read More

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass.
Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS).
“VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control,” Broadcom said in an

The Hacker News – ​Read More

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. 
The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on Windows.” Mojo refers to a

The Hacker News – ​Read More

Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian.

The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek.

SecurityWeek – ​Read More

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Security News | TechCrunch – ​Read More

After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot

Microsoft is partnering with top firms to launch new AI security tools, boosting breach analysis, threat detection, and AI model protection across cloud platforms.

Security | TechRepublic – ​Read More

Nearly $13 million stolen from Abracadabra Finance in crypto heist

The crypto lending platform said the issue was sourced back to a product it calls “cauldrons” — isolated lending markets that allow users to borrow against a variety of cryptocurrencies.

The Record from Recorded Future News – ​Read More

Malaysia PM says country rejected $10 million ransom demand after airport outages

Computer outages at Malaysia’s Kuala Lumpur International Airport (KLIA) this weekend were attributed to a recent cyberattack, according to the country’s cybersecurity agency and aviation authority.

The Record from Recorded Future News – ​Read More