Hackers abuse Triofox antivirus feature to deploy remote access tools

Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet's Triofox file-sharing and ...
InfoWorld

RCE in React Native CLI opens Dev Servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...
Infosecurity Magazine

Hackers Exploit Critical Flaw in Gladinet's Triofox File Sharing Product

Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud ...
SecurityWeek

Critical Triofox Vulnerability Exploited in the Wild

A threat actor exploited a critical vulnerability in Triofox to obtain remote access to a vulnerable server and then achieve code execution.

JFrog discloses CVSS 9.8 React vulnerability putting millions of developers at risk

Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.
The Hacker News

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

The vulnerability, tracked as CVE-2025-11953, carries a CVSS score of 9.8 out of a maximum of 10.0, indicating critical severity. It also affects the "@react-native-community/cli-server-api" package ...
Hackaday

This Week In Security: Bogus Ransom, WordPress Plugins, And KASLR

There’s another ransomware story this week, but this one comes with a special twist. If you’ve followed this column for long, ...

Windows 11

Windows 11 gathers more information than some people would like. Here are steps you can take to keep that information private. A critical October patch has disrupted many development environments in ...