Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments.

The rapid adoption of AI has introduced a new, semantic attack vector that many organizations are ill-prepared to defend against: prompt injection. While many security teams understand the threat of direct prompt injection attacks against AI agents developed by their organizations, another more subtle threat lurks in the shadows: indirect prompt injection attacks.

Technology is part of everyday life, offering connection and convenience. For many women and girls experiencing gender based violence in the UK, that same technology is increasingly used as a tool of control, surveillance and harm. Understanding how this abuse works is essential for safeguarding and accountability.

On December 4, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Canadian Centre for Cyber Security jointly released Malware Analysis Report AR25-338A analyzing BrickStorm malware, a sophisticated backdoor attributed to the People’s Republic of China (PRC) state-sponsored cyber actors.

A critical vulnerability, CVE-2025-66478, has been identified in Next.js applications using React Server Components (RSC) with the App Router. This vulnerability receives a CVSS score of 10.0 and a Bitsight Dynamic Vulnerability Exploit (DVE) score of 7.85. This vulnerability may allow remote code execution (RCE) when affected servers process attacker-controlled RSC requests. CVE-2025-66478 is tied to an upstream React issue (CVE-2025-55182–DVE score 9.15) affecting the RSC protocol implementation.

Windows patch management is the practice of deploying and managing feature updates, bug fixes, and security patches at scale for Windows operating systems and applications. These updates go beyond adding new features, acting as critical safeguards that address vulnerabilities attackers commonly target.

Most teams spend more than 40 hours a week just keeping their payment page script inventories updated. And that’s meticulous work as they have to load the page, watch what scripts fire, map domains, and compare it all to the last version, just to ensure the changes are documented before the details go stale. Also check out How to Maintain PCI Compliance Across Hundreds of Payment Pages But for organizations with 50 to more than 200 payment pages, it goes even further.

On December 3, 2025, the React team released fixes for a maximum severity vulnerability in React Server Components (RSC). The vulnerability, tracked as CVE-2025-55182, stems from unsafe handling of serialized DOM elements, allowing for remote code execution in React 19 and other frameworks built on top of it, such as Next.js 15–16. The vulnerability was responsibly disclosed to React as part of a bug bounty program and is not known to be actively exploited in the wild at this time.

A database-as-a-service (DBaaS) product eliminates the complexity of managing database infrastructure while reducing operational costs by up to 40%. Organizations can provision, configure, and scale databases instantly without hardware maintenance or software updates. MariaDB’s recent SkySQL reacquisition highlights the market shift toward flexible deployment models that support self-managed, hybrid, and fully managed environments.

The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) team are tracking an adversary luring users into downloading fake Concur browser extensions. The fake browser extension installer contains a FireClient Loader designed to gather host information and send to its command and control (C2) server. If execution succeeds with successful communication to the C2, the loader drops a backdoor BlueVoyant is naming FireClient Backdoor.