Critical 'React2Shell' RCE Exploited by Chinese Hackers; Google Patches Android Zero-Days

The Clop ransomware group has claimed another high-profile victim in its ongoing campaign targeting Oracle E-business Suite vulnerabilities. Barts Health NHS Trust, the largest NHS trust in the UK, confirmed on December 5, 2025, that it suffered a data breach where attackers stole files from one of its databases. This incident highlights the continued threat posed by Clop's exploitation of enterprise software flaws and the severe impact on critical sectors like healthcare, potentially exposing sensitive patient and staff data. The attack pattern aligns with previous incidents, involving initial access via Oracle vulnerabilities and subsequent data exfiltration for extortion.

New intelligence attributes the BRICKSTORM campaign to the Chinese state-sponsored threat actor 'Warp Panda,' active since at least 2022. Initial access often leverages vulnerabilities in internet-facing edge devices like firewalls and VPN concentrators. Reports indicate dozens of U.S. organizations have been impacted, highlighting the long-term persistence and broad scope of this espionage campaign. The update also explicitly maps several MITRE ATT&CK TTPs, including T1190 (Exploit Public-Facing Application) and T1078 (Valid Accounts), providing more granular technical context for detection and mitigation efforts.

Google has officially released its December 2025 Android Security Bulletin, addressing a total of 107 vulnerabilities. This bulletin includes patches for the previously reported zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572, which remain under active, targeted exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set a mandatory patch deadline of December 23, 2025, for all U.S. federal agencies. The bulletin also addresses another critical remote denial-of-service vulnerability, CVE-2025-48631, though it is not currently known to be exploited in the wild.