Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVSS 10.0 CVE in React & Next.js: How You Can Stay Safe

On December 3rd, CVE-2025-55182 was published by CISA. This CVSS 10.0 vulnerability allows unauthenticated remote code execution, where a threat actor can exploit a flaw in React’s process to decode payloads sent to React Server Function endpoints. It is important to note that while not every team is using React Server Function endpoints in their app, they still may be vulnerable if their app supports React Server Components.

Building Customer Trust at Scale with Trust Centers

In a world where 86% of enterprise buyers bail if they can’t verify security early, the demand for transparency has reached a critical point. Every vendor claims to have security certifications, compliance badges, and rock-solid infrastructure, but how can buyers verify these claims when they’re hidden behind emails or buried in 400-page PDFs?

Model Inversion Attacks: When AI Reveal Their Secrets

Researchers in 2019 proved something that sent shock waves throughout the machine learning community. With nothing more than the facial recognition API’s confidence scores, they reconstructed clear images of people whose photos had been used to train the learning model. The re-creations were not exact replicas, but they came close enough that real people whose likenesses had never been consented to could be identified.

The hidden offboarding step draining your budget

There’s a good chance something important is missing from your IT team’s offboarding checklist, and it may be causing a steady drip of unnecessary, wasted spend. The source of this leak? No, it’s not the unreturned laptops; it’s the licenses for SaaS apps that employees use every day.

AI agents and identity risks: How security will shift in 2026

The pace of technological change is relentless. Not long ago, our migration to the cloud and the automation of CI/CD pipelines dominated the conversation. Now, AI agents are reshaping how we think about automation, productivity, and risk. As we look toward 2026, it’s clear that these intelligent, autonomous systems are not just a passing trend; they are becoming foundational to how businesses operate.

Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows

On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments.

Fake SAP Concur Extensions Deliver New FireClient Malware Variant

The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) team are tracking an adversary luring users into downloading fake Concur browser extensions. The fake browser extension installer contains a FireClient Loader designed to gather host information and send to its command and control (C2) server. If execution succeeds with successful communication to the C2, the loader drops a backdoor BlueVoyant is naming FireClient Backdoor.

Database as a Service: A Complete DBaaS Implementation Strategy

A database-as-a-service (DBaaS) product eliminates the complexity of managing database infrastructure while reducing operational costs by up to 40%. Organizations can provision, configure, and scale databases instantly without hardware maintenance or software updates. MariaDB’s recent SkySQL reacquisition highlights the market shift toward flexible deployment models that support self-managed, hybrid, and fully managed environments.

CVE-2025-55182: Critical Remote Code Execution Vulnerability Found in React Server Components

On December 3, 2025, the React team released fixes for a maximum severity vulnerability in React Server Components (RSC). The vulnerability, tracked as CVE-2025-55182, stems from unsafe handling of serialized DOM elements, allowing for remote code execution in React 19 and other frameworks built on top of it, such as Next.js 15–16. The vulnerability was responsibly disclosed to React as part of a bug bounty program and is not known to be actively exploited in the wild at this time.