SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
Opinion

Washington's Hemp Shell Game: How Medicare Dollars Are Funding Non-Approved Products While FDA-Compliant Medicines Wait

The Substance Access Beneficiary Engagement Incentive (BEI), which went live on April 1, 2026, allows Medicare-connected care organizations to furnish up to $500 per year in hemp-derived products to ...

DeerFlow: Super-agent framework from ByteDance

With DeerFlow, ByteDance introduces a super-agent framework that allows for secure and parallel execution of agents through ...
The Hacker News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...
The Hacker News

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

LiteLLM 1.82.7–1.82.8 supply chain attack exposed 33,185 secrets across 6,943 machines, leaving 3,760 valid credentials ...

MMJ International Holdings: Washington's Hemp Shell Game: How Medicare Dollars Are Funding Non-Approved Products While FDA-Compliant Medicines Wait

"As CMS Launches its $500 Cannabinoid "Engagement Incentive," MMJ International Holdings Warns of a Regulatory "Double ...

Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...