A critical security flaw in React Server Components is sending developers into overdrive as they race to patch a vulnerability that affects nearly 40% of cloud environments. The bug, discovered by Lachlan Davidson and assigned CVE-2025-55182, allows attackers to execute remote code without authentication.
Meta worked with hosting providers to create patches before Wednesday's public disclosure, but security experts warn exploitation is "inevitable" and "truly imminent." The vulnerability affects major frameworks including Next.js, React Router, and RedwoodJS.
While no attacks have been reported yet, researchers expect exploit code to surface within hours, making this a race against time for organizations worldwide.
Source: CyberScoop
Iran's MuddyWater hacking group has significantly upgraded its cyber capabilities, deploying new custom malware called MuddyViper against Israeli and Egyptian targets from September 2024 through March 2025. The group, linked to Iran's intelligence ministry, used a sophisticated 64-bit loader called "Fooder" disguised as the Snake video game to execute attacks entirely in memory, evading traditional detection.
This marks a major evolution for MuddyWater, historically known for noisy, error-prone operations. The new toolkit includes advanced credential stealers and reverse tunneling capabilities. ESET researchers also observed collaboration with another Iranian group, Lyceum, suggesting increased coordination among Tehran's cyber units. Despite improvements, some operational weaknesses remain detectable.
Source: Dark Reading
Former Adams Township clerk Stephanie Scott, 53, and attorney Stefanie Lambert, 44, will stand trial for illegally accessing 2020 voter data in Michigan. Prosecutors say Scott ignored state orders to turn over voting equipment for maintenance and allowed unauthorized access to non-public voter information. Lambert, who previously tried to overturn Trump's 2020 Michigan loss, allegedly helped transmit election data from the township's electronic poll book.
Scott faces charges including computer crimes and misconduct in office. She was recalled from her position in 2023. Lambert faces similar computer crime charges and was previously disqualified from representing election conspiracy theorist Patrick Byrne in a Dominion Voting Systems case. Attorney General Dana Nessel called their actions "reckless and illegal."
Source: CBS News Detroit
Rep. August Pfluger (R-Texas) reintroduced the Cyber Deterrence and Response Act on Tuesday, legislation that would formally designate foreign hackers behind major cyberattacks as "critical cyber threat actors" subject to sanctions.
The bill would create a framework for attributing cyberattacks and target hackers who disrupt critical infrastructure, steal personal data or trade secrets, or undermine elections. The Office of the National Cyber Director would lead the designation process.
The legislation comes as Congress grows frustrated with cyberattacks like the Salt Typhoon campaign that infiltrated telecommunications networks. Similar legislation passed the House in 2018 but stalled in the Senate.
Source: CyberScoop
The Russian-speaking Tomiris cyber-espionage group has launched a sophisticated new campaign targeting foreign ministries and government entities across Commonwealth of Independent States countries. Kaspersky researchers discovered the attacks beginning in early 2025, marking two major tactical shifts for the group.
Tomiris now routes command-and-control traffic through popular platforms like Telegram and Discord, helping malicious activity blend with legitimate network use. The group also deploys malware written in multiple programming languages including Go, Rust, C++, Python, and C# to enhance stealth and adaptability.
The attacks begin with phishing emails containing password-protected archives that masquerade as legitimate documents. Once inside systems, Tomiris uses open-source frameworks like Havoc and AdaptixC2 to maintain control and steal internal government documents from countries including Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan.
Source: Dark Reading
Law enforcement agencies across Europe have taken down Cryptomixer, a cryptocurrency mixing service that helped launder $1.5 billion in Bitcoin over nearly a decade. The service allowed users to obscure their cryptocurrency transactions by pooling funds with other users before returning untraceable coins.
Operation Olympia, led by German and Swiss authorities with Europol support, targeted the platform frequently used by criminals to launder proceeds from ransomware attacks, credit card fraud, and drug trafficking. Investigators seized three servers in Switzerland, the platform's web domain, 12 terabytes of data, and $29 million worth of Bitcoin. No arrests have been announced yet.
Source: Security Week
A critical security flaw (CVE-2025-59789) in the Apache bRPC framework allows remote attackers to crash servers by sending deeply nested JSON data. The vulnerability affects all versions before 1.15.0 and stems from the recursive parsing method in the json2pb component: each level of nesting adds a stack frame, so a sufficiently deep document overflows the stack and crashes the process.
Servers handling HTTP+JSON requests from untrusted networks are particularly at risk. Apache has released version 1.15.0 with a complete fix, plus an official GitHub patch for immediate deployment.
The fix introduces a default recursion depth limit of 100, which administrators can adjust. Security teams should patch immediately to prevent denial-of-service attacks.
Source: Cyber Security News
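The fix described above bounds recursion inside the parser itself. As an added illustration (not bRPC's own json2pb code, and not the official patch), the following C++ guard shows the same defensive idea applied at the edge: a single linear scan that tracks bracket and brace nesting and rejects a document before it reaches any recursive parser once it exceeds a configurable limit. The function and constant names (`check_json_depth`, `kDefaultDepthLimit`) are assumptions made for this example; the limit of 100 mirrors the default the article reports, and the sample documents are constructed here.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Result of a pre-parse nesting check.
struct DepthCheck {
    bool ok;            // true if the document never exceeds the limit
    std::size_t depth;  // deepest nesting seen (limit + 1 when rejected)
};

// Hypothetical guard (example code, not part of bRPC): walks the document
// once, counting '[' / '{' as +1 and ']' / '}' as -1, and bails out as soon
// as the depth exceeds `limit`. Characters inside string literals, including
// escaped quotes, are skipped so that a "[" inside a string value is not
// mistaken for nesting. Unbalanced closers are ignored here and left for
// the real parser to reject; this guard only bounds stack growth.
DepthCheck check_json_depth(const std::string& doc, std::size_t limit) {
    std::size_t depth = 0, max_depth = 0;
    bool in_string = false, escaped = false;
    for (char c : doc) {
        if (in_string) {
            if (escaped)          escaped = false;
            else if (c == '\\')   escaped = true;
            else if (c == '"')    in_string = false;
            continue;
        }
        switch (c) {
            case '"':
                in_string = true;
                break;
            case '[': case '{':
                ++depth;
                if (depth > max_depth) max_depth = depth;
                if (depth > limit) return {false, depth};  // reject early, O(n) worst case
                break;
            case ']': case '}':
                if (depth > 0) --depth;
                break;
            default:
                break;
        }
    }
    return {true, max_depth};
}

// Builds a constructed test document: `n` arrays nested around the number 1.
std::string nested_arrays(std::size_t n) {
    return std::string(n, '[') + "1" + std::string(n, ']');
}

// Mirrors the default recursion depth limit the fix introduces (assumption:
// the real setting lives inside bRPC's json2pb; this constant is local).
const std::size_t kDefaultDepthLimit = 100;

int main() {
    const std::string shallow = nested_arrays(kDefaultDepthLimit);
    const std::string deep    = nested_arrays(kDefaultDepthLimit + 1);
    DepthCheck a = check_json_depth(shallow, kDefaultDepthLimit);
    DepthCheck b = check_json_depth(deep, kDefaultDepthLimit);
    std::printf("depth %zu -> %s\n", a.depth, a.ok ? "accepted" : "rejected");
    std::printf("depth %zu -> %s\n", b.depth, b.ok ? "accepted" : "rejected");
    return 0;
}
```

Placing a guard like this in front of any recursive-descent parser costs one pass over the bytes and no extra memory, so it is a cheap mitigation for services that must accept JSON from untrusted networks even before the parser itself is upgraded; the parser-level fix in 1.15.0 remains the authoritative remedy.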
The Royal Borough of Kensington and Chelsea confirmed hackers copied historical data during a cyber attack discovered Monday morning. The council quickly shut down systems after detecting unusual activity, emphasizing that the data was copied rather than removed and that the council still has access to it.
The breach also affected Westminster City Council and Hammersmith and Fulham Council through shared IT arrangements. Police are investigating with no arrests made yet. RBKC is checking whether personal or financial details were compromised, warning residents to stay vigilant against suspicious communications.
Council services continue running despite some disruptions to phone lines and online systems.
Source: BBC
Only 14% of organizations feel fully prepared for emerging operational technology (OT) cybersecurity threats, highlighting a persistent divide between IT and OT teams. With manufacturing downtime costing $88,000 per hour on average, this gap has serious financial implications.
Industry experts say the biggest barrier is cultural, not technical. Cybersecurity teams speak risk and data language, while OT operators focus on safety, reliability, and uptime. Building trust requires cybersecurity professionals to understand operational priorities and demonstrate how security supports business goals rather than hindering them.
Geopolitical tensions are reshaping OT security as nation-state actors increasingly target critical infrastructure. Organizations are moving beyond basic compliance toward resilience-focused strategies that integrate cybersecurity into operational excellence rather than treating it as a separate function.
Source: Industrial Cyber
CISA added a critical cross-site scripting vulnerability in OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog on November 28, 2025, confirming attackers are actively using it. The flaw (CVE-2021-26829) allows remote attackers to inject malicious scripts through the system settings interface, potentially letting them hijack user sessions, steal credentials, or modify critical SCADA configurations.
The vulnerability targets industrial control systems widely used in automation research and implementation. Federal agencies must patch by December 19, 2025. CISA recommends immediately applying vendor patches, reviewing third-party usage, or discontinuing the product if fixes aren't available.
Source: Cybersecurity News