Cybersecurity News Bytes

Microsoft’s December 2025 Patch Tuesday: 56 Vulnerabilities, Active Zero-Day, And Critical Office RCE Microsoft’s final Patch Tuesday of 2025 delivers fixes for 56 distinct vulnerabilities across core Windows components, Office,…

Microsoft December 2025 Patch Tuesday: Zero-Day in Cloud Files Driver and Critical RCE in PowerShell Summary: Microsoft’s December 2025 Patch Tuesday addresses 56 security vulnerabilities across Windows and associated software,…

ShadyPanda Browser Extension Espionage Campaign Exposes 4.3 Million Users A long‑running espionage and fraud operation dubbed ShadyPanda has abused trusted Chrome and Edge browser extensions to spy on approximately 4.3…

ShadyPanda Browser-Extension Espionage Campaign Exposes 4.3 Million Users A long-running espionage and fraud operation dubbed ShadyPanda has abused seemingly legitimate browser extensions for Google Chrome and Microsoft Edge to surveil…

Critical RSC Bugs Discovered in React and Next.js Frameworks Critical vulnerabilities in React Server Components (RSC) have been identified in both React and Next.js frameworks, posing significant risks to applications…

Android December 2025 Security Bulletin Patches Two In-The-Wild Zero‑Day Exploits Google’s December 2025 Android security update patches more than one hundred vulnerabilities, including two actively exploited zero‑day flaws that enable…

Massive 29.7 Tbps DDoS Attack Mitigated by Cloudflare Summary: A record-breaking distributed denial-of-service (DDoS) attack, peaking at 29.7 terabits per second, was successfully detected and mitigated by a major cloud…

Cloudflare Mitigates Record-Breaking 14.1 Bpps Aisuru DDoS Attack A new Aisuru-powered distributed denial-of-service (DDoS) attack peaking at 14.1 billion packets per second has set a fresh record for volumetric assaults,…

Active Exploitation of React2Shell Vulnerability Triggers Emergency Patching Across React and Next.js Ecosystems A critical remote code execution flaw in React Server Components, widely referred to as React2Shell, has moved…

Chinese Threat Actors Exploiting React2Shell Vulnerability in React and Next.js A newly disclosed critical vulnerability known as React2Shell is now under active exploitation by Chinese-linked threat actors, targeting modern web…