* Widespread Exploitation of React2Shell Flaw Compromises Dozens of Organisations

* Gartner Recommends Ban on AI-Powered Browser Extensions Amid Growing Security Risks

* Cybercriminals Pivot to Points, Taxes, and Fake Retailers in Surge of SMS Phishing Scams

* Cybercriminals Exploit Google Ads and AI Platforms to Spread macOS Infostealer Malware

* Thousands of Exposed Secrets on Docker Hub Put Organisations at Serious Risk

* Fake Calendly Invites Hijack Ad Manager Accounts by Spoofing Top Brands

* Widespread Npm Malware Attack Exposes Thousands of Developer Secrets

* WA Man Responsible for In-Flight “Evil Twin” WiFi Attacks Sentenced to 7 Years in Prison

* Thousands of Developer Secrets Exposed in Public GitLab Repositories

* ASX Outage Caused by Security Software Upgrade, Raising Concerns Over Technological Resilience

* Singapore Orders Apple, Google to Prevent Government Spoofing on Messaging Platforms

* Massive Cyberattack Targets Real Estate Loan Vendor, Exposing Customer Data of Major Banks

* Beware of Android TV Streaming Boxes Linked to Cybercrime Activities

* The Rise of Agentic Bots and the Need for Robust Bot Management

* FBI Warns of Soaring Account Takeover Fraud Ahead of Holiday Shopping Season

* WhatsApp Vulnerability Exposes User Phone Numbers, Enabling Large-Scale Enumeration Attacks

* Critical Vulnerability Discovered in W3 Total Cache WordPress Plugin Enabling PHP Command Injection

* Azure Experiences Largest-Ever DDoS Attack, Highlighting Ongoing Threat to Cloud Infrastructure

* Optus Fined $826,000 for Vulnerability That Enabled Scammers to Steal Phone Numbers and Access Bank Accounts

* Malicious NPM Packages Leverage Adspect Redirects to Evade Security and Lure Victims to Cryptocurrency Scams

* Mozilla Bolsters Firefox’s Anti-Fingerprinting Defences to Enhance User Privacy

* Dangerous runC Vulnerabilities Expose Docker and Kubernetes Containers to Potential Escape Attacks

* Swiss Authorities Warn of Phishing Scam Targeting Lost iPhone Owners

* Malicious NuGet Packages Deployed with Disruptive ‘Time Bomb’ Payloads

* OWASP Unveils AI Vulnerability Scoring System (AIVSS) to Assess AI-Powered Threats

* Australia and US Impose Sanctions on North Korean Cyber Operations

* Researchers Uncover Vulnerabilities in ChatGPT that Enable Data Leaks and Malicious Behaviour

* Threat Actors Ramp Up Malicious Use of AI Tools, Posing Escalating Risks

* Researchers Uncover Vulnerabilities in FIA’s Driver Categorisation System, Exposing F1 Drivers’ Sensitive Data

* Louvre Heist Exposes Shocking Security Vulnerabilities, as Password to Video Surveillance System Was Simply “Louvre”

* Microsoft 365 Copilot Vulnerability Allows Data Exfiltration

* Malicious “Claude” Code Package Discovered on Popular Open-Source Platforms

* Vulnerabilities Discovered in OpenAI’s Atlas Agentic Browser

* Tasmanian Government Agencies Hit by Cyber Attack

* AFP Building AI to Decipher ‘Crimefluencers’ Online Slang and Emojis

* Cyber Breach at Western Sydney University Exposes Sensitive Student Data

* Meta Introduces New Anti-Scam Tools for WhatsApp and Messenger Users

* Ransomware Attack on Muji Supplier Disrupts Online Sales in Japan

* Alarming Study Reveals Only 250 Documents Need to Poison LLMs of Any Size

* Prosper Marketplace Suffers Major Data Breach, Exposing Sensitive Customer Information

Special thanks to Yong Hwee Wee for contribution to this week’s articles.