Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs, and government domains.
Get the latest international news and world events from around the world.
Microsoft rolls out native Sysmon monitoring in Windows 11
Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program.
Microsoft first revealed plans to integrate Sysmon natively into Windows 11 and Windows Server in November, when it also confirmed that it will soon release detailed documentation.
Sysmon (short for System Monitor) is a free Microsoft Sysinternals tool (and a Windows system service and device driver) that monitors for and blocks malicious/suspicious activity, logging it to the Windows Event Log.
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.
Collectively tracked as CVE-2026–25049, the issues can be exploited by any authenticated user who can create or edit workflows on the platform to perform unrestricted remote code execution on the n8n server.
Researchers at several cybersecurity companies reported the problems, which stem from n8n’s sanitization mechanism and bypass the patch for CVE-2025–68613, another critical flaw addressed on December 20.
CISA warns of five-year-old GitLab flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks.
GitLab patched this server-side request forgery (SSRF) flaw (tracked as CVE-2021–39935) in December 2021, saying it could allow unauthenticated attackers with no privileges to access the CI Lint API, which is used to simulate pipelines and validate CI/CD configurations.
“When user registration is limited, external users that aren’t developers shouldn’t have access to the CI Lint API,” the company said at the time.
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025–8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies.
The hackers combined legitimate tools with the custom Amaranth Loader to deliver encrypted payloads from command-and-control (C2) servers behind Cloudflare infrastructure, for more accurate targeting and increased stealth.
According to researchers at cybersecurity company Check Point, Amaranth Dragon targeted organizations in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines.
Viridian inks cooperative agreement with Air Force Research Laboratory
SAN FRANCISCO — Viridian Space Corp. signed a cooperative research and development agreement (CRADA) with the Air Force Research Laboratory.
The five-year CRADA will provide the Southern California startup with access to testing facilities and satellite-operations expertise at AFRL’s Kirtland Air Force Base in New Mexico.
“There seems to be a good collaborative opportunity for testing our technology on the ground and, when we fly, collecting and sharing data from the [Very Low Earth Orbit] VLEO environment,” Viridian Space CEO Rostislav Spektor told SpaceNews. “Characterizing the VLEO environment is important for satellites that fly in VLEO and for satellites traveling to higher orbits that fly through VLEO.”
The Milky Way is embedded in a ‘large-scale sheet’ and this explains the motions of nearby galaxies
Computer simulations carried out by astronomers from the University of Groningen in collaboration with researchers from Germany, France and Sweden show that most of the (dark) matter beyond the Local Group of galaxies (which includes the Milky Way and the Andromeda Galaxy) must be organised in an extended plane. Above and below this plane are large voids. The observed motions of nearby galaxies and the joint masses of the Milky Way and the Andromeda Galaxy can only be properly explained with this ‘flat’ mass distribution. The research, led by PhD graduate Ewoud Wempe and Professor Amina Helmi, was published today in Nature Astronomy.
Almost a century ago, astronomer Edwin Hubble discovered that virtually all galaxies are moving away from the Milky Way. This is important evidence for the expansion of the universe and for the Big Bang. But even in Hubble’s time, it was clear that there were exceptions. For example, our neighbouring galaxy, Andromeda, is moving towards us at a speed of about 100 kilometres per second.
In fact, for half a century, astronomers have been wondering why most large nearby galaxies – with the exception of Andromeda – are moving away from us and do not seem to be affected by the mass and gravity of the so-called Local Group (the Milky Way, the Andromeda Galaxy and dozens of smaller galaxies).