Blogs

React2Shell RCE in React Server Components
New critical vulnerabilities CVE-2025-55182 and CVE-2025-66478, published by the React maintainers and dubbed "React2Shell", enable unauthenticated, zero-click RCE in React Server Components and Next.js.

SecureIT - Top Vulnerabilities - November 2025
In November 2025 Cloudflare experienced a major outage that disrupted a large portion of the internet. A change in an internal system assigned incorrect permissions to a database, which caused a configuration file used by Cloudflare’s bot management to grow far beyond its expected size.

Cybercrime around the holidays, some sober thoughts and some advice
It is almost December, do you know where your credit card has been? Like all of you at this time of year, I am of course thinking about… scams. Oh wait, shopping, and then about scams. This week

SecureIT Brand Protection – Responding to Fake Domains and Websites
SecureIT has for some time now offered a highly important service through a partner (SOCRadar), which detects fake websites that closely resemble our clients’ actual websites. These fakes often involve slight alterations in characters or domain extensions to trick users. We also implement specific technologies that alert us if someone attempts to clone a site, so we can act immediately when someone creates an imitation of a real website.

SecureIT - Top Vulnerabilities - October 2025
In October 2025, two major cloud-service disruptions made headlines. An AWS outage on October 20 disrupted global apps and services after DNS and load-balancer failures in the US-East-1 region. Nine days later, Microsoft Azure suffered a major outage caused by a configuration change in Azure Front Door that affected productivity tools, gaming platforms, and airlines.

SecureIT Top Vulnerabilities - September 2025
September was another busy month for defenders. Critical flaws emerged across network devices, browsers, mobile platforms, and core Windows services, many already exploited in the wild.
