Here is the most recent Cybersecurity news for the past week:
⚠️ Critical React and Next.js Vulnerability Actively Exploited by Nation-State Groups
A critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-55182 and dubbed “React2Shell,” was confirmed to be actively exploited, including by suspected Chinese and North Korean threat actors. The flaw affects React Server Components and frameworks that use them, like Next.js, allowing attackers to execute arbitrary code with a near 100% success rate on vulnerable cloud applications within hours of the public disclosure.
Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors
🏦 Financial Software Vendor Marquis Software Breach Impacts Dozens of US Banks
Marquis Software Solutions, a financial software provider serving numerous institutions, disclosed a data breach that impacted over 74 banks and credit unions across the US. The breach involved unauthorized access to Marquis’s systems, compromising the corporate and customer data of its financial institution clients through a third-party vendor attack vector.
Marquis data breach impacts over 74 US banks, credit unions
📈 Ransomware Attacks Targeting Hypervisors Surge by 700% in 2025
New threat intelligence reports a dramatic 700% increase in ransomware attacks targeting hypervisors like VMware ESXi and Microsoft Hyper-V during the second half of 2025. Attackers are shifting their focus to these virtualization layers to encrypt entire environments and multiple virtual machines simultaneously, with hypervisor involvement in malicious encryption surging from 3% to 25% of observed attacks.
Researchers spot 700 percent increase in hypervisor attacks
💻 Malicious VS Code Extensions Found Stealing Data from Developers
Two malicious extensions, named Bitcoin Black and Codo AI, were discovered on Microsoft’s Visual Studio Code (VS Code) marketplace. Published under a fake developer account, these extensions were engineered to infect developers’ machines with information-stealing malware, compromising source code, credentials, and other sensitive development data.
Malicious VSCode extensions on Microsoft’s registry drop infostealers
💊 Pharmaceutical Firm Inotiv Confirms Data Breach After Qilin Ransomware Attack
American pharmaceutical research firm Inotiv confirmed that sensitive personal information belonging to nearly 10,000 current and former employees and their dependents was stolen during an August 2025 ransomware attack. The breach, claimed by the Qilin ransomware group, exposed Social Security numbers, financial information, and medical details after attackers accessed the company’s network.
Pharmaceutical Firm Inotiv Discloses Ransomware Attack and Data Breach
