
04.12.2025

How companies are arming themselves against new AI threats

CSO Online 04.12.2025 04:00
AI is not only a tool for hackers; it can also become a danger itself.

Developers urged to immediately upgrade React, Next.js

CSO Online 04.12.2025 00:28
Developers using the React 19 library for building application interfaces are urged to immediately upgrade to the latest version because of a critical vulnerability that can be easily exploited by an attacker to remotely run their own code.
Researchers at Wiz said Wednesday that a vulnerability in the React Server Components (RSC) Flight protocol affects the React 19 ecosystem, as well as frameworks that implement it. In particular, that means Next.js, a popular full stack development framework built on top of React, which received a separate CVE. 

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

The Hacker News 03.12.2025 18:19
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.
It allows "unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints," the React Team said in

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

The Hacker News 03.12.2025 17:46
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch.
The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remote

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

The Hacker News 03.12.2025 17:08
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration.
It affects versions

Shai Hulud: Dangerous NPM worm captures around 400,000 credentials

Golem 03.12.2025 12:15
The Shai Hulud worm is still active. Among other things, the malware harvests developers' credentials. Researchers provide new figures on the scale. (Malware, Virus)