React2Shell Exploitation Surges as CISA Adds to KEV; Clop Hits NHS via Oracle Zero-Day

Publication Date: December 7, 2025

Summary

This cybersecurity brief for December 7, 2025, covers a critical period marked by the widespread, active exploitation of the React2Shell vulnerability (CVE-2025-55182), prompting its addition to CISA's KEV catalog. State-sponsored actors and cybercriminals are leveraging the flaw for broad attacks. Concurrently, the Clop ransomware group executed a significant data breach against the UK's Barts Health NHS Trust by exploiting an Oracle zero-day. Other major developments include the discovery of long-running supply chain attacks in Go and Rust package registries, a joint US-Canada warning about Chinese 'Brickstorm' malware targeting VMware, and a no-click vulnerability in WhatsApp leading to account takeovers. These events underscore the increasing sophistication of threats against software supply chains, critical infrastructure, and widely used applications.

Today's New Articles

Malicious Go Packages Impersonating Google UUID Library Steal Data

A sophisticated and long-running supply chain attack targeting Go developers has been discovered, active since at least May 2021. The attack involves two malicious packages, `github.com/bpoorman/uuid` and `github.com/bpoorman/uid`, which impersonate a popular...


Mexico's Maguen Group Launches Global Cybersecurity Brand 'Fortem'

Maguen Group, a leading private security firm based in Mexico, has officially launched Fortem Cybersecurity, its new global cybersecurity brand, on December 7, 2025. The new entity is an evolution of the company's existing cybersecurity arm, MT Cyber, which it...


Malicious Rust Package 'evm-units' Targets Web3 Developers

A malicious software package named 'evm-units' has been discovered and removed from Rust's official crates.io registry. The package, downloaded over 7,200 times, targeted Web3 developers by impersonating a legitimate utility for the Ethereum Virtual Machine (E...


Wireshark Vulnerabilities Create Denial-of-Service Risk for Security Teams

France's national cybersecurity agency, CERT-FR, has issued a security advisory for two critical vulnerabilities in Wireshark, the world's most popular network protocol analyzer. The flaws, identified as CVE-2025-13945 and CVE-2025-13946, can be exploited by a...

Article Updates

Washington Post Breached by Clop Ransomware via Oracle Flaws

Update: The Clop ransomware campaign, previously reported for breaching the Washington Post, has claimed another significant victim: Barts Health NHS Trust. This attack, which occurred in August 2025, leveraged a zero-day vulnerability in Oracle E-Business Suite, lead...


Global Coalition Targets 'Bulletproof' Hosting Services Fueling Cybercrime

Update: Security researchers have uncovered a vast Indonesian gambling network now serving as a command-and-control (C2) and anonymity service for malware operators. This dual-use infrastructure allows threat actors to hide malicious traffic within high-volume gamblin...


CISA: Commercial Spyware Hijacking Signal & WhatsApp via Zero-Clicks

Update: A significant surge in 'no-click' WhatsApp account hijackings has been reported globally, with Kuwaiti authorities issuing urgent warnings. This wave of attacks exploits a technical vulnerability allowing account compromise without user interaction. While spec...