This week’s Threatsday roundup distills 26 fast-moving cyber stories into what matters for defenders and decision-makers. Maritime IoT targeted: Broadside, a Mirai variant, exploits TBK DVR …

As Non-Human Identities (NHIs) multiply across enterprises, Robotic Process Automation (RPA) is speeding up work—and expanding the IAM attack surface. To capture the efficiency gains without inviting …

Threat actors are aggressively exploiting React2Shell, a maximum-severity flaw in React Server Components (CVE-2025-55182), to deliver cryptominers and several newly observed malware families across …

Elastic Security Labs has profiled NANOREMOTE, a fully featured Windows backdoor that covertly uses the Google Drive API for command-and-control. The approach enables stealthy data theft and payload …

If you don’t look inside your environment, you can’t know its true state—and attackers count on that. Think of your business like Schrodinger’s famous cat: both breached and not breached until you …

Google has released emergency Chrome patches for three security issues, including a high-severity vulnerability already exploited in the wild. Initially kept under wraps, the flaw is now tracked as …

Hackers are actively exploiting a hard-coded AES key flaw in Gladinet CentreStack and Triofox to forge access tickets, read web.config, and pivot to ViewState deserialization for remote code …

Cloud attackers aren’t just forcing entry anymore—they’re slipping through misconfigurations, identity gaps, and code paths that look like normal activity. Traditional tools often miss these signals. …

CISA has added WinRAR vulnerability CVE-2025-6218 (CVSS 7.8) to its Known Exploited Vulnerabilities catalog, confirming active exploitation by multiple threat groups. The flaw is a path traversal …

Three newly disclosed vulnerabilities in the PCIe Integrity and Data Encryption (IDE) protocol could let a local attacker cause devices to process stale or incorrect data. The issues affect PCIe Base …