Android Zero-Days & Critical React RCE Exploited in Wild; Coupang Breach Hits 34M
Summary
This cybersecurity brief for December 3, 2025, covers a series of critical incidents, including the active exploitation of two Android zero-day vulnerabilities and a perfect 10.0 CVSS score RCE flaw in React and Next.js. A massive data breach at South Korean e-commerce giant Coupang exposed the data of nearly 34 million customers due to a compromised employee key. Other major developments include a supply-chain attack on the SmartTube app, new stealthy tactics from Iranian APT MuddyWater, a shift to data extortion by ransomware groups targeting manufacturing, and significant policy updates from the G7 and EU.
Today's New Articles
React2Shell: Critical 10.0 CVSS RCE Hits React & Next.js, Actively Exploited!
A critical unauthenticated remote code execution (RCE) vulnerability, dubbed 'React2Shell' and tracked as CVE-2025-55182, has been disclosed in React Server Components. With a maximum CVSS score of 10.0, the flaw affects popular frameworks like Next.js and all...
ValleyRAT Malware Targets Job Seekers Using Foxit PDF Reader Disguise
A new malware campaign is distributing the ValleyRAT remote access trojan by preying on job seekers. Attackers send emails with weaponized executables disguised as HR documents, using the Foxit PDF Reader icon as a lure. The attack leverages a legitimate, rena...
G7 Unveils New Framework for Coordinated Cyber Response in Financial Sector
The G7 Cyber Expert Group has published a new policy paper outlining non-binding principles for Collective Cyber Incident Response and Recovery (CCIRR) within the global financial sector. The framework, developed to foster greater cross-border cooperation, aim...
EU Cyber Resilience Act Deadlines Loom: Vulnerability Reporting Starts 2026
The European Union is advancing the implementation of its landmark Cyber Resilience Act (CRA), which establishes mandatory cybersecurity requirements for all hardware and software products sold in the EU. With the regulation now in force, key deadlines are app...
Article Updates
Qilin Ransomware Gang Claims 7 of 11 New Victims in 24 Hours
Update: A new Sophos report reveals a significant evolution in ransomware tactics, particularly in the manufacturing sector. While improved defenses have led to a five-year low in data encryption rates (40%), attackers, including groups like Qilin, are adapting by inc...