🚨 AWS reports groups are actively exploiting the #React2Shell RCE in the wild. Attackers are using exposed RSC endpoints for unauthenticated RCE → webshells → cloud pivoting. Patch React/Next.js immediately. No Field Effect systems are affected. More:

Researchers found the Recent Links feature on online code-formatters leaks private snippets via predictable URLs, exposing API keys, DB creds, & tokens at scale. More details here:

From our security experts 👇 A high-severity RCE vulnerability (CVE-2025-62518) impacts Rust-based archive libraries like async-tar, used across cloud-native & containerized systems. Multiple patches avail, check our writeup for full mitigation details:

If you run #Oracle #EBS (v12.2.3-12.2.14) or have internet-exposed modules: - Patch immediately - Lock down/reset access paths - Hunt for IoCs (reverse shells, HTTP anomalies, unusual outbound activity) Full breakdown:

An exec-targeted extortion campaign is claiming theft of Oracle EBS data. Since then, a critical flaw in Oracle EBS (CVE-2025-61882) has been confirmed.

What started as a potentially unwanted application (PUA) flagged as malicious by Microsoft Defender led our analysts to uncover a broader malware campaign using trojanized apps, signed binaries, and deceptive 7-Zip packaging. Read the full breakdown:

🚨 New patch alert: SolarWinds has released a hotfix for CVE-2025-26399, a critical Web Help Desk flaw enabling RCE. The company urged customers yesterday to upgrade to Web Help Desk version 12.8.7 Hotfix 1 to mitigate the issue. Details:

More info from our analysts on the #npm supply chain attack here:

...no exposure to the compromised components. Field Effect's onboarding process for 3rd-party libraries includes validation steps that would've identified affected packages & updates are performed only after a review of their current security posture.

Field Effect is actively monitoring a supply chain attack involving hijacked npm packages. Researchers say hackers planted malicious code in open source software packages with 2B+ weekly updates. None of Field Effect's services are affected and our internal review confirms...

Ongoing attacks against Sangoma #FreePBX systems (since Aug 21) exploit publicly exposed Admin Control Panels. 🔹 Affected: v16 & v17 w/ Endpoint Manager installed 🔹 Fix: EDGE module update (temp fix) 🔹 + Restrict ACP to trusted IPs or VPN Details:

Citrix has patched 3 #NetScaler flaws—including a zero-day (CVE-2025-7775, CVSS 9.2) exploited in the wild. ❗ Affects VPN, AAA, & mgmt interfaces ❗ No workarounds—patch now ✅ Cloud services already updated Details: https://t.co/JsTuAdaUUx #POC #exploit #vulnerability

🔑 11 popular extensions affected ⚠️ Some patches issued, others unpatched as of Aug 20 🛡️ Mitigation: disable autofill + audit extensions More details: https://t.co/oChPG1ZTzg #TTPs

At #DEFCON33, Marek Tóth revealed a new #exploit that weaponizes privileged #browser extensions like password managers. By manipulating the DOM, attackers can hijack hidden extension UIs—triggering autofill, exports, or settings changes without user awareness.

🚨 CISA warns of 2 critical #Nable N-central flaws actively exploited. MSPs: patch now, enable MFA & review logs. Details 👉 https://t.co/2OiBs0qj35 #CVE20258875 #CVE20258876 #Ncentral #MSP

Trend Micro released a mitigation tool for a Critical command injection flaw (#CVE202554948/#CVE202554987) being actively exploited. Apply the #Fixtool for a quick fix, but note that the Remote Install Agent will be disabled. Patch coming mid-Aug. More:

cont'd mitigation steps for #SonicWall SSL VPN users... 👉 Review auth logs for unusual access patterns, especially successful logins from unexpected ISPs or locations 👉 Implement MFA across all remote access systems 👉 Monitor SonicWall notices & advisories for updates

For all orgs using SonicWall SSL VPN appliances, we recommend that you: 👉 Disable SonicWall SSL VPN services or limit access 👉 Forward SonicWall VPN logs to your appliance for analysis 👉 Block reported network IOCs posted here:

While credential-based VPN network compromises are rising, the spike in related incidents across clients of different MSPs led us to consider broad exploitation as root cause. On Aug 2, we pushed AROs to 100s of clients with public-facing SonicWall VPNs recommending fast action.

SonicWall confirmed an increase in cybersecurity incidents affecting Gen 7 firewalls with SSL VPN enabled, corroborating our previously reported observations. However, we have one confirmed case involving the Gen 8 SonicWall NSa 3800 running SonicOS 8.0.2.