Daily Digest

Android Zero-Days & Critical React RCE Exploited in Wild; Coupang Breach Hits 34M

Android Zero-Days & Critical React RCE Exploited in Wild; Coupang Breach Hits 34M

December 3, 2025
5 articles (4 new, 1 updated)
15 min read

Summary

This cybersecurity brief for December 3, 2025, covers a series of critical incidents, including the active exploitation of two Android zero-day vulnerabilities and a perfect 10.0 CVSS score RCE flaw in React and Next.js. A massive data breach at South Korean e-commerce giant Coupang exposed the data of nearly 34 million customers due to a compromised employee key. Other major developments include a supply-chain attack on the SmartTube app, new stealthy tactics from Iranian APT MuddyWater, a shift to data extortion by ransomware groups targeting manufacturing, and significant policy updates from the G7 and EU.

Filter by Category

New Articles (4)

React2Shell: Critical 10.0 CVSS RCE Hits React & Next.js, Actively Exploited!

CRITICAL

Critical 'React2Shell' RCE (CVE-2025-55182) in React Server Components Under Active Exploitation

A critical unauthenticated remote code execution (RCE) vulnerability, dubbed 'React2Shell' and tracked as CVE-2025-55182, has been disclosed in React Server Components. With a maximum CVSS score of 10.0, the flaw affects popular frameworks like Next.js and allows attackers to take complete control of vulnerable servers. Security researchers have already observed active exploitation in the wild, with attackers attempting to harvest cloud credentials and deploy cryptocurrency miners. Major cloud providers have issued WAF rules as a temporary mitigation, but immediate patching is essential.

December 3, 2025
6 min read
ReactNext.jsRCEVulnerabilityCVSS 10 +3 more
React2Shell: Critical 10.0 CVSS RCE Hits React & Next.js, Actively Exploited!
Vulnerability
Cyberattack
Cloud Security

ValleyRAT Malware Targets Job Seekers Using Foxit PDF Reader Disguise

MEDIUM

ValleyRAT Campaign Abuses Foxit PDF Reader for DLL Side-Loading to Target Job Seekers

A new malware campaign is distributing the ValleyRAT remote access trojan by preying on job seekers. Attackers send emails with weaponized executables disguised as HR documents, using the Foxit PDF Reader icon as a lure. The attack leverages a legitimate, renamed Foxit executable to perform a DLL side-loading attack, which silently loads the malware while displaying a decoy document to the victim. Once active, ValleyRAT provides attackers with full control over the compromised system, enabling data theft and surveillance.

December 3, 2025
5 min read
ValleyRATMalwarePhishingDLL Side-loadingSocial Engineering +2 more
ValleyRAT Malware Targets Job Seekers Using Foxit PDF Reader Disguise
Malware
Phishing
Threat Actor

G7 Unveils New Framework for Coordinated Cyber Response in Financial Sector

INFORMATIONAL

G7 Publishes Non-Binding Framework for Collective Cyber Incident Response and Recovery (CCIRR) in Financial Sector

The G7 Cyber Expert Group has published a new policy paper outlining non-binding principles for Collective Cyber Incident Response and Recovery (CCIRR) within the global financial sector. The framework, developed to foster greater cross-border cooperation, aims to improve information sharing, streamline crisis communication, and bolster the resilience of the international financial system against major cyber incidents. The principles are intended as a high-level guide rather than a set of regulatory requirements.

December 3, 2025
4 min read
G7Financial SectorIncident ResponsePolicyCybersecurity Framework +2 more
G7 Unveils New Framework for Coordinated Cyber Response in Financial Sector
Policy and Compliance
Regulatory
Incident Response

EU Cyber Resilience Act Deadlines Loom: Vulnerability Reporting Starts 2026

INFORMATIONAL

EU Advances Cyber Resilience Act (CRA) Implementation, Sets Key Deadlines for Manufacturers

The European Union is advancing the implementation of its landmark Cyber Resilience Act (CRA), which establishes mandatory cybersecurity requirements for all hardware and software products sold in the EU. With the regulation now in force, key deadlines are approaching. Manufacturers must prepare for a critical milestone in September 2026, when obligations to report actively exploited vulnerabilities to authorities within 24 hours will begin. The act aims to enforce security-by-design and ensure products remain secure throughout their lifecycle.

December 3, 2025
5 min read
CRAEURegulationComplianceCybersecurity Act +2 more
EU Cyber Resilience Act Deadlines Loom: Vulnerability Reporting Starts 2026
Policy and Compliance
Regulatory
Vulnerability

Updated Articles (1)

Qilin Ransomware Gang Claims 7 of 11 New Victims in 24 Hours

HIGH

Daily Ransomware Report: Qilin Group Leads Surge in Attacks, Targeting Professional Services and Manufacturing

Update:

A new Sophos report reveals a significant evolution in ransomware tactics, particularly in the manufacturing sector. While improved defenses have led to a five-year low in data encryption rates (40%), attackers, including groups like Qilin, are adapting by increasing extortion-only attacks from 3% to 10%. Exploited vulnerabilities remain the primary root cause. This shift emphasizes the need for enhanced focus on preventing data exfiltration and detecting initial access, as the overall threat remains potent despite changes in attack methodology.

November 8, 2025
Updated: December 3, 2025
5 min read
RansomwareQilinDragonForceData BreachCybercrime +1 more
Qilin Ransomware Gang Claims 7 of 11 New Victims in 24 Hours
Ransomware
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats