React2Shell vulnerability CVE-2025-55182 is actively exploited to deploy Linux malware, run commands, and steal cloud credentials at scale.
Ransomware groups are targeting hypervisors to maximize impact, allowing a single breach to encrypt dozens of virtual machines at once. Drawing on real-world incident data, Huntress explains how attackers exploit visibility gaps at the hypervisor layer and outlines steps organizations can take to harden virtualization infrastructure.
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums, offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store.
Specifically, attackers can select apps from Android’s official app store and create trojanized versions that appear trustworthy and keep the real app’s interface and functionality.
By providing the expected capabilities, Cellik infections can go unnoticed for a longer time. Additionally, the seller claims that bundling the malware this way may help bypass Play Protect, although this is unconfirmed.
Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support.
Kali Linux is a distribution designed for cybersecurity professionals and ethical hackers to perform red-teaming, penetration testing, security assessments, and network research.
The distribution is available as an installable operating system or a live environment and supports a wide range of hardware, including Raspberry Pi devices and compatible Android phones through Kali NetHunter.