Daily Digest

React2Shell Zero-Day Exploited by Chinese APTs, Triggers Global Cloudflare Outage; FinCEN Reports Ransomware Payments Top $2.1B

React2Shell Zero-Day Exploited by Chinese APTs, Triggers Global Cloudflare Outage; FinCEN Reports Ransomware Payments Top $2.1B

December 6, 2025
4 articles (3 new, 1 updated)
12 min read

Summary

This cybersecurity brief for December 6, 2025, covers a critical 24-hour period dominated by the active exploitation of the React2Shell vulnerability (CVE-2025-55182). Chinese state-sponsored actors weaponized the CVSS 10.0 flaw within hours, prompting CISA to add it to the KEV catalog. The rush to mitigate the threat inadvertently caused a major global outage at Cloudflare. Concurrently, a new FinCEN report revealed ransomware payments have surpassed $2.1 billion in three years, highlighting the persistent financial drain of cybercrime. Other significant developments include the emergence of the Benzona ransomware, the Albiriox Android RAT, and a new cybercrime supergroup, 'Scattered LAPSUS$ Hunters,' threatening Salesforce data.

Filter by Category

New Articles (3)

Cloudflare Outage Hits 28% of Global Traffic After Faulty React2Shell Patch

HIGH

Cloudflare Confirms Global Outage Caused by Botched Emergency WAF Update to Mitigate React2Shell

Cloudflare, a leading internet infrastructure provider, experienced a 25-minute global outage on December 5, 2025, that impacted approximately 28% of its HTTP traffic and made numerous popular websites inaccessible. The company quickly confirmed the disruption was not a cyberattack but was self-inflicted, caused by a faulty emergency change to its Web Application Firewall (WAF). The problematic update was deployed to provide mitigation against the critical React2Shell (CVE-2025-55182) vulnerability. The incident highlights the inherent risks of rapid, large-scale deployments, even when intended to improve security, and raises questions about change management processes for critical infrastructure.

December 6, 2025
4 min read
CloudflareOutageWAFReact2ShellChange Management +2 more
Cloudflare Outage Hits 28% of Global Traffic After Faulty React2Shell Patch

AI Infrastructure at Risk: MCP Servers Emerge as New Supply Chain Threat

HIGH

Model Context Protocol (MCP) Servers Identified as a Critical and Emerging AI Supply Chain Risk Vector

A new security advisory warns that Model Context Protocol (MCP) servers represent a significant and growing supply chain risk for organizations building AI-powered applications. These servers act as highly privileged automation engines, often possessing trusted access to sensitive enterprise resources like code repositories, email systems, and internal APIs. The warning follows the analysis of a critical vulnerability at hosting service Smithery.ai, where a single path traversal flaw could have allowed an attacker to gain administrative control over 3,000 hosted MCP servers. This and other incidents demonstrate that MCP servers are high-value targets that can be exploited to compromise entire AI software supply chains.

December 6, 2025
5 min read
MCPAI SecuritySupply Chain AttackDockerPath Traversal +1 more
AI Infrastructure at Risk: MCP Servers Emerge as New Supply Chain Threat

Iran Bans Officials From Using All Internet-Connected Devices Over Espionage Fears

INFORMATIONAL

Iran's Cybersecurity Command Issues Sweeping Ban on Internet-Connected Devices for Government Officials

In a drastic measure to combat espionage, Iran's Cybersecurity Command has banned all government officials and their security staff from using any device connected to public communication networks. The directive, reported on December 5, 2025, includes smartphones, laptops, and smartwatches. The move is a direct response to fears of hacking and mobile tracking being used for targeted assassinations, referencing past attacks on nuclear scientists and recent pager and walkie-talkie attacks against Hezbollah. The policy highlights a security philosophy of complete network isolation for key personnel over reliance on defensive technology.

December 6, 2025
4 min read
IranOPSECPolicyEspionageGeopolitics +1 more
Iran Bans Officials From Using All Internet-Connected Devices Over Espionage Fears

Updated Articles (1)

Massive Supply Chain Attack Hits 200+ Companies via Salesforce App; Hacker Group Claims Breach

HIGH

Scattered Lapsus$ Hunters Claim Major Supply Chain Breach Abusing Gainsight OAuth Tokens in Salesforce

Update:

The cybercrime supergroup 'Scattered LAPSUS$ Hunters' has escalated its campaign by launching a dark web leak site. The group, comprising members of Lapsus$, Scattered Spider, and ShinyHunters, is now threatening to leak approximately one billion records allegedly stolen from Salesforce customer environments. They are publicly demanding that Salesforce negotiate a payment to prevent the mass publication of this sensitive data, highlighting the severe extortion pressure on victims and the SaaS ecosystem. Salesforce reiterates its platform was not directly breached, attributing the access to social engineering and OAuth token abuse targeting its clients.

November 22, 2025
Updated: December 6, 2025
6 min read
OAuthSupply Chain AttackSaaSSalesforceGainsight +3 more
Massive Supply Chain Attack Hits 200+ Companies via Salesforce App; Hacker Group Claims Breach

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.