CRITICAL VULNERABILITIES IN REACT SERVER COMPONENTS (RSC) PROTOCOL
  • Alert & Advisory
  • December 8, 2025

ngCERT is alerting Nigeria's cyberspace to critical vulnerabilities tracked as CVE-2025-55182 in React Server Components and its duplicate, CVE-2025-66478, in Next.js, with a severity score of 10.0. These flaws stem from insecure deserialization in the React Server Components (RSC) "Flight" protocol, which enables unauthenticated remote code execution (RCE). In particular, the flaw, dubbed "React2Shell", allows attackers to send specially crafted HTTP requests containing malicious RSC payloads to Server Actions or Flight endpoints, resulting in arbitrary code execution on the server without authentication. Impacts include full server compromise, data theft, ransomware deployment, lateral movement, and persistent access. ngCERT strongly urges all organizations using affected versions of these applications to immediately install patched releases and scan for signs of exploitation.

MULTIPLE MALWARE VARIANTS AFFECTING ANDROID SYSTEM
  • Alert & Advisory
  • March 3, 2026

ngCERT is issuing an alert on Android systems compromised by multiple malware families, including Android Backdoor, Prizmes (BADBOX-related), Hummer (HummingBad), Rootnik, Triada, and Uupay. These malwares leverage vulnerabilities The combined impact of these malware variants is severe, with consequences including loss of sensitive data, financial fraud, device instability, large-scale botnet participation, and erosion of user trust in mobile ecosystems. Given the widespread use of Android devices across the nation, ngCERT strongly urges government agencies, enterprises, and individuals to promptly apply the latest security patches and adopt proactive security measures to mitigate these threats.

ACTIVELY EXPLOITED INFORMATION DISCLOSURE VULNERABILITY IN DESKTOP WINDOW MANAGER
  • Alert & Advisory
  • February 27, 2026

ngCERT alerts organizations and users to an actively exploited zero-day vulnerability in Microsoft Windows Desktop Window Manager (DWM), tracked as CVE-2026-20805. The flaw arises from improper handling of Advanced Local Procedure Call (ALPC) messages, allowing attackers with local access to trigger memory disclosure and obtain internal pointers and heap/base address details. While it does not directly allow remote code execution or privilege escalation, it can be leveraged to bypass exploit mitigations like ASLR, increasing the reliability of subsequent attacks. Users and organizations are advised to apply recommended patches, monitor for suspicious activity, and follow security best practices to mitigate risks.

CRITICAL INFRASTRUCTURE COMPROMISE BY MULTIPLE VARIANTS OF REMOTE ACCESS TROJAN
  • Alert & Advisory
  • February 25, 2026

ngCERT is issuing an urgent advisory on the compromise of critical infrastructure by multiple variants of Remote Access Trojans (RAT). Particularly, variants such as Adwind, AsyncRAT, Firebird, Imminent Monitor, NetWire, Orcus, Remcos, Warzone, and WSH RATs are capable of enabling unauthorised remote control over infected systems. These have implications for data breaches, financial fraud and theft, cyber espionage and operational disruption. ngCERT strongly recommends conducting immediate vulnerability scans and deploying endpoint detection tools to mitigate the threats posed by these RATs.

PSEUDOMANUSCRYPT MALWARE INFILTRATION
  • Alert & Advisory
  • November 28, 2025

ngCERT is issuing an alert on the infiltration of Pseudomanuscrypt malware, a sophisticated spyware campaign primarily impacting Windows OS. Notably, this mass-scale operation has infected over 35,000 systems globally, focusing mainly on industrial control systems (ICS) and government entities. Particularly, Pseudomanuscrypt infiltration can lead to theft of sensitive credentials and data, potentially enabling follow-on ransomware attacks, financial fraud, and possible sabotage of critical infrastructure across various sectors. This underscores the need for individuals and organisations to take proactive steps to safeguard against Pseudomanuscrypt infiltration.
