Daily Digest

Critical 'React2Shell' RCE Exploited by Chinese Hackers; Google Patches Android Zero-Days

Critical 'React2Shell' RCE Exploited by Chinese Hackers; Google Patches Android Zero-Days

December 5, 2025
5 articles (2 new, 3 updated)
15 min read

Summary

This cybersecurity brief for December 5, 2025, covers a critical 10.0 CVSS vulnerability dubbed 'React2Shell' (CVE-2025-55182) being actively exploited by Chinese state-sponsored actors just hours after disclosure. Other major incidents include Google patching two actively exploited Android zero-days, a joint US-Canada alert on new 'BRICKSTORM' malware targeting VMware, and the Clop ransomware group breaching a major UK NHS trust.

Filter by Category

New Articles (2)

New "Benzona" Ransomware Strain Discovered in the Wild

MEDIUM

CYFIRMA Researchers Identify New "Benzona" Ransomware Encrypting Files and Using TOR for Negotiations

Security researchers at CYFIRMA have discovered a new ransomware strain named "Benzona." The malware encrypts files on Windows, macOS, and Linux systems, appending a ".benzona" extension and dropping a ransom note titled "RECOVERY_INFO.txt". Victims are instructed to use the TOR browser to access a chat portal for recovery negotiations. The threat actors behind Benzona are believed to use a variety of initial access vectors, including social engineering, botnets, and exploitation of software vulnerabilities.

December 5, 2025
4 min read
RansomwareBenzonaCYFIRMAMalwareTOR
New "Benzona" Ransomware Strain Discovered in the Wild
Ransomware
Malware

Critical 7-Zip RCE Vulnerability Now Under Active Exploitation

HIGH

Active Exploitation Confirmed for Critical 7-Zip RCE Vulnerability (CVE-2025-11001)

A critical remote code execution (RCE) vulnerability in the popular 7-Zip file archiver, tracked as CVE-2025-11001, is now being actively exploited in the wild. The path traversal flaw, which affects versions prior to 25.0.0, can be triggered when a user extracts a specially crafted malicious archive. This allows an attacker to write files to arbitrary locations and execute code. NHS England has issued an advisory confirming active exploitation, urging all organizations to update their installations immediately.

December 5, 2025
4 min read
7-ZipRCEVulnerabilityPath TraversalZip Slip +1 more
Critical 7-Zip RCE Vulnerability Now Under Active Exploitation
Vulnerability
Patch Management
Cyberattack

Updated Articles (3)

Washington Post Breached by Clop Ransomware via Oracle Flaws

HIGH

Washington Post Confirms Breach in Widespread Clop Ransomware Campaign Targeting Oracle E-Business Suite

Update:

The Clop ransomware group has claimed another high-profile victim in its ongoing campaign targeting Oracle E-business Suite vulnerabilities. Barts Health NHS Trust, the largest NHS trust in the UK, confirmed on December 5, 2025, that it suffered a data breach where attackers stole files from one of its databases. This incident highlights the continued threat posed by Clop's exploitation of enterprise software flaws and the severe impact on critical sectors like healthcare, potentially exposing sensitive patient and staff data. The attack pattern aligns with previous incidents, involving initial access via Oracle vulnerabilities and subsequent data exfiltration for extortion.

November 9, 2025
Updated: December 5, 2025
6 min read
ClopRansomwareOracleE-Business SuiteData Breach +2 more
Washington Post Breached by Clop Ransomware via Oracle Flaws
Ransomware
Data Breach
Cyberattack

CISA Exposes 'BRICKSTORM' Backdoor Used by Chinese State Actors to Infiltrate US Government

HIGH

CISA, NSA, and Canadian Cyber Centre Issue Joint Advisory on 'BRICKSTORM' Malware Used by PRC State-Sponsored Actors

Update:

New intelligence attributes the BRICKSTORM campaign to the Chinese state-sponsored threat actor 'Warp Panda,' active since at least 2022. Initial access often leverages vulnerabilities in internet-facing edge devices like firewalls and VPN concentrators. Reports indicate dozens of U.S. organizations have been impacted, highlighting the long-term persistence and broad scope of this espionage campaign. The update also explicitly maps several MITRE ATT&CK TTPs, including T1190 (Exploit Public-Facing Application) and T1078 (Valid Accounts), providing more granular technical context for detection and mitigation efforts.

December 4, 2025
Updated: December 5, 2025
6 min read
BRICKSTORMCISANSAPRCChina +4 more
CISA Exposes 'BRICKSTORM' Backdoor Used by Chinese State Actors to Infiltrate US Government
Threat Actor
Malware
Cyberattack

Android Zero-Days Under Active Attack, CISA Adds to KEV Catalog

HIGH

CISA Adds Two Actively Exploited Android Framework Zero-Days (CVE-2025-48633, CVE-2025-48572) to KEV Catalog

Update:

Google has officially released its December 2025 Android Security Bulletin, addressing a total of 107 vulnerabilities. This bulletin includes patches for the previously reported zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572, which remain under active, targeted exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set a mandatory patch deadline of December 23, 2025, for all U.S. federal agencies. The bulletin also addresses another critical remote denial-of-service vulnerability, CVE-2025-48631, though it is not currently known to be exploited in the wild.

December 4, 2025
Updated: December 5, 2025
4 min read
AndroidZero-DayKEVCISAVulnerability +3 more
Android Zero-Days Under Active Attack, CISA Adds to KEV Catalog
Vulnerability
Mobile Security
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats