A recently disclosed vulnerability in Spring Security’s authentication mechanism (CVE-2025-22234) allows attackers to infer valid usernames by analyzing login response times.

Analysts have identified 34 different plugins associated with DCRat, enabling dangerous functionalities such as keystroke logging, webcam access, file theft, and password exfiltration.