Critical 'React2Shell' RCE Exploited by Chinese Hackers; Google Patches Android Zero-Days
Summary
This cybersecurity brief for December 5, 2025, covers a critical 10.0 CVSS vulnerability dubbed 'React2Shell' (CVE-2025-55182) being actively exploited by Chinese state-sponsored actors just hours after disclosure. Other major incidents include Google patching two actively exploited Android zero-days, a joint US-Canada alert on new 'BRICKSTORM' malware targeting VMware, and the Clop ransomware group breaching a major UK NHS trust.
Today's New Articles
New "Benzona" Ransomware Strain Discovered in the Wild
Security researchers at CYFIRMA have discovered a new ransomware strain named "Benzona." The malware encrypts files on Windows, macOS, and Linux systems, appending a ".benzona" extension and dropping a ransom note titled "RECOVERY_INFO.txt". Victims are instru...
Critical 7-Zip RCE Vulnerability Now Under Active Exploitation
A critical remote code execution (RCE) vulnerability in the popular 7-Zip file archiver, tracked as CVE-2025-11001, is now being actively exploited in the wild. The path traversal flaw, which affects versions prior to 25.0.0, can be triggered when a user extra...
Article Updates
Washington Post Breached by Clop Ransomware via Oracle Flaws
Update: The Clop ransomware group has claimed another high-profile victim in its ongoing campaign targeting Oracle E-Business Suite vulnerabilities. Barts Health NHS Trust, the largest NHS trust in the UK, confirmed on December 5, 2025, that it suffered a data breach...
CISA Exposes 'BRICKSTORM' Backdoor Used by Chinese State Actors to Infiltrate US Government
Update: New intelligence attributes the BRICKSTORM campaign to the Chinese state-sponsored threat actor 'Warp Panda,' active since at least 2022. Initial access often leverages vulnerabilities in internet-facing edge devices like firewalls and VPN concentrators. Repor...
Android Zero-Days Under Active Attack, CISA Adds to KEV Catalog
Update: Google has officially released its December 2025 Android Security Bulletin, addressing a total of 107 vulnerabilities. This bulletin includes patches for the previously reported zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572, which remain under ac...