Daily Digest

React2Shell Exploitation Surges as CISA Adds to KEV; Clop Hits NHS via Oracle Zero-Day

React2Shell Exploitation Surges as CISA Adds to KEV; Clop Hits NHS via Oracle Zero-Day

December 7, 2025
7 articles (4 new, 3 updated)
21 min read

Summary

This cybersecurity brief for December 7, 2025, covers a critical period marked by the widespread, active exploitation of the React2Shell vulnerability (CVE-2025-55182), prompting its addition to CISA's KEV catalog. State-sponsored actors and cybercriminals are leveraging the flaw for broad attacks. Concurrently, the Clop ransomware group executed a significant data breach against the UK's Barts Health NHS Trust by exploiting an Oracle zero-day. Other major developments include the discovery of long-running supply chain attacks in Go and Rust package registries, a joint US-Canada warning about Chinese 'Brickstorm' malware targeting VMware, and a no-click vulnerability in WhatsApp leading to account takeovers. These events underscore the increasing sophistication of threats against software supply chains, critical infrastructure, and widely used applications.

Filter by Category

New Articles (4)

Malicious Go Packages Impersonating Google UUID Library Steal Data

HIGH

Long-Running Typosquatting Campaign Uncovered: Malicious Go Packages Mimic Google UUID Library to Exfiltrate Data

A sophisticated and long-running supply chain attack targeting Go developers has been discovered, active since at least May 2021. The attack involves two malicious packages, `github.com/bpoorman/uuid` and `github.com/bpoorman/uid`, which impersonate a popular Google UUID library using a typosquatting technique. The counterfeit packages are fully functional to avoid suspicion but contain a hidden backdoor. A specific function, `Valid`, is weaponized to secretly encrypt and exfiltrate any data passed to it, such as user IDs or session tokens, to an external paste site. This stealthy method allows the attacker, 'bpoorman', to siphon sensitive information from compromised applications.

December 7, 2025
4 min read
GoTyposquattingDependency ConfusionSoftware Supply ChainData Exfiltration
Malicious Go Packages Impersonating Google UUID Library Steal Data
Supply Chain Attack
Malware
Threat Actor

Mexico's Maguen Group Launches Global Cybersecurity Brand 'Fortem'

INFORMATIONAL

Mexican Security Giant Maguen Group Rebrands Cyber Division to Fortem Cybersecurity for Global Expansion

Maguen Group, a leading private security firm based in Mexico, has officially launched Fortem Cybersecurity, its new global cybersecurity brand, on December 7, 2025. The new entity is an evolution of the company's existing cybersecurity arm, MT Cyber, which it acquired in 2019. With Fortem, Maguen Group aims to 'democratize cybersecurity' by offering enterprise-level protection to companies of all sizes. The launch marks a strategic push for global expansion, leveraging its existing presence in Mexico, Ecuador, and Germany, with the United States targeted as the next major market.

December 7, 2025
2 min read
Cybersecurity IndustryCorporate NewsMexicoMarket ExpansionMSSP
Mexico's Maguen Group Launches Global Cybersecurity Brand 'Fortem'
Other

Malicious Rust Package 'evm-units' Targets Web3 Developers

HIGH

Malicious Rust Crate 'evm-units' Impersonates Ethereum Tool to Steal Crypto from Web3 Developers

A malicious software package named 'evm-units' has been discovered and removed from Rust's official crates.io registry. The package, downloaded over 7,200 times, targeted Web3 developers by impersonating a legitimate utility for the Ethereum Virtual Machine (EVM). While appearing functional, the crate contained a stealthy, multi-stage loader designed to download and execute operating system-specific malware. The malware included code to specifically evade 360 Total Security, a popular antivirus in China, suggesting the threat actor's focus was on stealing cryptocurrency from developers, likely in the Asian market. A second package, 'uniswap-utils', was also removed for depending on the malicious crate.

December 7, 2025
4 min read
Rustcrates.ioWeb3CryptocurrencySupply Chain Attack +1 more
Malicious Rust Package 'evm-units' Targets Web3 Developers
Supply Chain Attack
Malware
Threat Intelligence

Wireshark Vulnerabilities Create Denial-of-Service Risk for Security Teams

MEDIUM

CERT-FR Warns of Critical Denial-of-Service Vulnerabilities (CVE-2025-13945, CVE-2025-13946) in Wireshark

France's national cybersecurity agency, CERT-FR, has issued a security advisory for two critical vulnerabilities in Wireshark, the world's most popular network protocol analyzer. The flaws, identified as CVE-2025-13945 and CVE-2025-13946, can be exploited by a remote attacker to cause a denial-of-service (DoS) condition. This poses a significant risk to security operations, as an attacker could crash the tool during a live incident investigation, effectively blinding security analysts. Users are urged to update to the patched versions (4.4.12 and 4.6.2) to mitigate the risk.

December 7, 2025
3 min read
WiresharkDenial of ServiceDoSCERT-FRSecurity Tools +1 more
Wireshark Vulnerabilities Create Denial-of-Service Risk for Security Teams
Vulnerability
Patch Management
Security Operations

Updated Articles (3)

Washington Post Breached by Clop Ransomware via Oracle Flaws

HIGH

Washington Post Confirms Breach in Widespread Clop Ransomware Campaign Targeting Oracle E-Business Suite

Update:

The Clop ransomware campaign, previously reported for breaching the Washington Post, has claimed another significant victim: Barts Health NHS Trust. This attack, which occurred in August 2025, leveraged a zero-day vulnerability in Oracle E-Business Suite, leading to the exfiltration of patient and staff names and addresses from an invoice database. This sensitive data was subsequently published on Clop's dark web leak site. The vulnerability exploited in this wider campaign has now been patched. This incident highlights the severe impact on critical infrastructure and the ongoing threat of data compromise and regulatory fines, further increasing the overall severity of this campaign.

November 9, 2025
Updated: December 7, 2025
6 min read
ClopRansomwareOracleE-Business SuiteData Breach +2 more
Washington Post Breached by Clop Ransomware via Oracle Flaws
Ransomware
Data Breach
Cyberattack

CISA: Commercial Spyware Hijacking Signal & WhatsApp via Zero-Clicks

HIGH

CISA Warns of Commercial Spyware Targeting High-Value Individuals via Signal and WhatsApp

Update:

A significant surge in 'no-click' WhatsApp account hijackings has been reported globally, with Kuwaiti authorities issuing urgent warnings. This wave of attacks exploits a technical vulnerability allowing account compromise without user interaction. While specific technical details remain undisclosed, the widespread exploitation has led to a sharp increase in compromised accounts. Users are strongly advised to immediately enable two-factor authentication (2FA) within WhatsApp settings, as it is identified as the most effective defense against this ongoing threat.

November 25, 2025
Updated: December 7, 2025
5 min read
CISAspywaremobile securitySignalWhatsApp +3 more
CISA: Commercial Spyware Hijacking Signal & WhatsApp via Zero-Clicks
Malware
Mobile Security
Threat Intelligence

Global Coalition Targets 'Bulletproof' Hosting Services Fueling Cybercrime

INFORMATIONAL

NSA, CISA, FBI and International Partners Issue Joint Guidance to Dismantle Criminal 'Bulletproof' Hosting Providers

Update:

Security researchers have uncovered a vast Indonesian gambling network now serving as a command-and-control (C2) and anonymity service for malware operators. This dual-use infrastructure allows threat actors to hide malicious traffic within high-volume gambling communications, making detection and attribution significantly harder. The network provides a resilient platform for various malware campaigns, illustrating a real-world manifestation of the 'bulletproof' hosting challenge that international coalitions are working to disrupt. This discovery highlights the evolving sophistication of cybercrime infrastructure.

November 21, 2025
Updated: December 7, 2025
4 min read
Bulletproof HostingBPHCISANSAFBI +2 more
Global Coalition Targets 'Bulletproof' Hosting Services Fueling Cybercrime
Policy and Compliance
Threat Intelligence
Regulatory

📢 Share This Publication

Help others stay informed about cybersecurity threats