React2Shell Mass Exploitation: Critical RCE Flaw Hits Web, as Android Zero-Days and FinCEN Report Highlight Escalating Threats
Summary
This cybersecurity brief for December 8, 2025, covers a period of intense activity, headlined by the mass exploitation of 'React2Shell' (CVE-2025-55182), a critical 10.0 CVSS RCE vulnerability in React Server Components targeted by Chinese APTs. Other major events include Google's patch for two actively exploited Android zero-days, a FinCEN report revealing over $2.1 billion in ransomware payments since 2022, and significant data breaches at universities and financial service providers linked to Cl0p and Akira ransomware gangs. The landscape is further defined by new malware threats like the BRICKSTORM backdoor and Albiriox Android trojan, and a White House executive order accelerating the transition to post-quantum cryptography.
Today's New Articles
Cl0p Implicated in Oracle Zero-Day Attacks, Breaching UPenn and University of Phoenix
The University of Pennsylvania and the University of Phoenix have both reported data breaches resulting from the exploitation of zero-day vulnerabilities in their Oracle E-Business Suite servers. The attacks have compromised the personal information of at leas...
White House Sets 2025 Deadline for Post-Quantum Crypto Readiness
The White House has issued a new Executive Order to accelerate the U.S. federal government's transition to post-quantum cryptography (PQC). The order sets a critical deadline of December 1, 2025, for several key initiatives. It directs CISA and the NSA to crea...
WhatsApp Worm Spreads Astaroth Banking Trojan in New Brazilian Campaign
A new malware campaign, tracked as STAC3150, is targeting banking users in Brazil by using WhatsApp Web as a distribution vector for the Astaroth banking trojan. The attack begins with a social engineering lure sent via WhatsApp, which persuades the victim to...
SharePoint Flaw Chain Exploited to Deploy Warlock Ransomware
A new attack campaign attributed to the threat actor Storm-2603 is exploiting a chain of Microsoft SharePoint vulnerabilities (CVE-2025-49706, CVE-2025-49704) for initial access. Post-exploitation, the attackers deploy Velociraptor, a legitimate digital forens...
Article Updates
Supply Chain Breach at Vendor Marquis Exposes Data From Dozens of US Banks
Update: New details reveal the Akira ransomware gang is suspected behind the Marquis Software Solutions breach. The attack, which now affects over 400,000 customers across 74 financial institutions, reportedly leveraged vulnerabilities in SonicWall firewall devices fo...