Daily Digest

Critical 'React2Shell' RCE Threatens Web Ecosystem as CISA Warns of Chinese 'BRICKSTORM' Malware Targeting Governments

Critical 'React2Shell' RCE Threatens Web Ecosystem as CISA Warns of Chinese 'BRICKSTORM' Malware Targeting Governments

December 4, 2025
7 articles (7 new)
21 min read

Summary

This cybersecurity brief for December 4, 2025, covers a critical 10.0 CVSS RCE vulnerability, 'React2Shell' (CVE-2025-55182), affecting React and Next.js, now under active exploitation. Concurrently, a joint advisory from CISA, NSA, and Canada's Cyber Centre details the sophisticated 'BRICKSTORM' backdoor used by PRC state-sponsored actors against government and IT sectors. Other major developments include CISA adding actively exploited Android and SCADA vulnerabilities to its KEV catalog, a FinCEN report revealing over $2.1 billion in ransomware payments since 2022, and a significant data breach disclosure from Freedom Mobile.

Filter by Category

New Articles (7)

CISA Exposes 'BRICKSTORM' Backdoor Used by Chinese State Actors to Infiltrate US Government

HIGH

CISA, NSA, and Canadian Cyber Centre Issue Joint Advisory on 'BRICKSTORM' Malware Used by PRC State-Sponsored Actors

The US Cybersecurity and Infrastructure Security Agency (CISA), NSA, and Canadian Centre for Cyber Security have jointly exposed a sophisticated backdoor named 'BRICKSTORM'. According to the December 4, 2025 advisory, People's Republic of China (PRC) state-sponsored actors are using this malware to target government and IT sector organizations. BRICKSTORM is designed for stealth and long-term persistence in both VMware vSphere and Windows environments. It employs multi-layered encrypted communications, including DNS-over-HTTPS (DoH), to hide its C2 traffic. The advisory details an attack chain where actors used a web shell for initial access, moved laterally via RDP, and ultimately deployed BRICKSTORM on a VMware vCenter server to compromise domain controllers. Agencies are urged to hunt for this threat immediately.

December 4, 2025
6 min read
BRICKSTORMCISANSAPRCChina +4 more
CISA Exposes 'BRICKSTORM' Backdoor Used by Chinese State Actors to Infiltrate US Government
Threat Actor
Malware
Cyberattack

Ransomware Payments Exceed $2.1 Billion Since 2022, FinCEN Reports

INFORMATIONAL

FinCEN Analysis Shows Ransomware Payments Topped $2.1 Billion from 2022-2024, with ALPHV/BlackCat Leading

A new Financial Trend Analysis from the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN), released December 4, 2025, reveals that financial institutions reported over $2.1 billion in ransomware-related payments between January 2022 and December 2024. The data, derived from Bank Secrecy Act (BSA) filings, shows a peak in 2023 with $1.1 billion in payments. The report identifies ALPHV/BlackCat, LockBit, and Akira as some of the most prevalent variants, with the manufacturing and financial services sectors being the most frequent victims. The analysis underscores the critical role of BSA reporting in tracking cybercrime trends and informing law enforcement actions.

December 4, 2025
4 min read
RansomwareFinCENFinancial CrimeALPHVBlackCat +2 more
Ransomware Payments Exceed $2.1 Billion Since 2022, FinCEN Reports
Ransomware
Regulatory
Threat Intelligence

Freedom Mobile Data Breach Exposes Customer PII via Compromised Subcontractor

MEDIUM

Freedom Mobile Discloses Data Breach After Attacker Uses Compromised Subcontractor Account to Access Customer Data

Canadian telecommunications provider Freedom Mobile announced on December 3, 2025, that it suffered a data breach after an unauthorized party gained access to its systems on October 23, 2025. The attacker leveraged the compromised account of a third-party subcontractor to access a customer account management platform. Exposed data includes customer names, addresses, birth dates, phone numbers, and account numbers. Freedom Mobile stated that more sensitive data like payment card information and passwords were not affected. The company is notifying a 'limited number' of affected individuals and advising them to be vigilant against phishing attacks.

December 4, 2025
4 min read
Data BreachFreedom MobileSupply Chain AttackThird-Party RiskPII +1 more
Freedom Mobile Data Breach Exposes Customer PII via Compromised Subcontractor
Data Breach
Supply Chain Attack
Phishing

CISA KEV Alert: Actively Exploited ScadaBR Flaw Puts Industrial Control Systems at Risk

HIGH

CISA Adds Exploited OpenPLC ScadaBR Vulnerability (CVE-2021-26828) to KEV Catalog

CISA has added CVE-2021-26828, a high-severity vulnerability in the OpenPLC ScadaBR industrial control system (ICS) software, to its Known Exploited Vulnerabilities (KEV) catalog as of December 3, 2025. The flaw, with a CVSS score of 8.7, is an unrestricted file upload vulnerability that allows an authenticated attacker to achieve remote code execution (RCE) by uploading a malicious JSP file. This poses a significant risk to operational technology (OT) environments where this open-source SCADA solution is deployed. Federal agencies are mandated to patch by December 24, 2025, and CISA urges all organizations in critical infrastructure sectors to prioritize remediation.

December 4, 2025
5 min read
ICSSCADAOTCISAKEV +3 more
CISA KEV Alert: Actively Exploited ScadaBR Flaw Puts Industrial Control Systems at Risk
Industrial Control Systems
Vulnerability
Threat Intelligence

Under Armour Sued Over Data Breach Attributed to 'Everest' Cybercrime Group

HIGH

Under Armour Faces Class Action Lawsuit Alleging Negligence in November 2025 Data Breach

Athletic apparel giant Under Armour is the target of a new class action lawsuit following a November 2025 data breach. The suit, reported on December 4, 2025, claims the company was negligent in protecting the personal information of consumers and employees. The breach was allegedly carried out by the 'Everest' cybercriminal group, which claims to have stolen and leaked hundreds of gigabytes of data. The lawsuit asserts that Under Armour failed to implement basic cybersecurity measures like encryption and did not provide timely notification to victims, who now face a heightened risk of identity theft and fraud.

December 4, 2025
4 min read
Data BreachUnder ArmourClass ActionLawsuitEverest +2 more
Under Armour Sued Over Data Breach Attributed to 'Everest' Cybercrime Group
Data Breach
Threat Actor
Policy and Compliance

Critical Zero-Days in PyTorch Scanner 'PickleScan' Create AI Supply Chain Risk

CRITICAL

JFrog Discloses Critical Zero-Day Vulnerabilities in PyTorch Security Tool PickleScan, Enabling Arbitrary Code Execution

Security firm JFrog has disclosed three critical zero-day vulnerabilities in PickleScan, a popular open-source tool used to scan Python pickle files for malware, particularly within the PyTorch AI framework. The flaws, collectively rated with a CVSS score of 9.3, allow an attacker to craft a malicious AI model that bypasses PickleScan's security checks. When this seemingly safe model is loaded by a user, it can lead to arbitrary code execution. This discovery, announced on December 3, 2025, highlights a significant software supply chain risk for the AI/ML community, as attackers could distribute weaponized models that evade standard security scanning.

December 4, 2025
5 min read
Zero-DayAI SecurityMLOpsPyTorchPickleScan +3 more
Critical Zero-Days in PyTorch Scanner 'PickleScan' Create AI Supply Chain Risk
Vulnerability
Supply Chain Attack
Cloud Security

AWS Boosts Cloud Defense with New AI-Powered Security Tools at re:Invent 2025

INFORMATIONAL

AWS Announces AI-Powered Security Agent, Enhanced GuardDuty, and Upgraded Security Hub at re:Invent 2025

At its re:Invent 2025 conference, Amazon Web Services (AWS) unveiled several major additions to its security portfolio, heavily infused with artificial intelligence. Key announcements on December 3, 2025, included the preview of AWS Security Agent, a context-aware tool for proactive application security testing throughout the development lifecycle. AWS also announced the general availability of its revamped AWS Security Hub for centralized cloud security posture management (CSPM) and new attack sequence findings in Amazon GuardDuty for better threat detection in EC2 and ECS environments. These updates aim to automate and enhance security operations for organizations in the cloud.

December 4, 2025
4 min read
AWSCloud Securityre:InventAI SecurityCSPM +2 more
AWS Boosts Cloud Defense with New AI-Powered Security Tools at re:Invent 2025
Cloud Security
Security Operations
Patch Management

📢 Share This Publication

Help others stay informed about cybersecurity threats