Daily Digest

React2Shell Mass Exploitation: Critical RCE Flaw Hits Web, as Android Zero-Days and FinCEN Report Highlight Escalating Threats

React2Shell Mass Exploitation: Critical RCE Flaw Hits Web, as Android Zero-Days and FinCEN Report Highlight Escalating Threats

December 8, 2025
5 articles (4 new, 1 updated)
15 min read

Summary

This cybersecurity brief for December 8, 2025, covers a period of intense activity, headlined by the mass exploitation of 'React2Shell' (CVE-2025-55182), a critical 10.0 CVSS RCE vulnerability in React Server Components targeted by Chinese APTs. Other major events include Google's patch for two actively exploited Android zero-days, a FinCEN report revealing over $2.1 billion in ransomware payments since 2022, and significant data breaches at universities and financial service providers linked to Cl0p and Akira ransomware gangs. The landscape is further defined by new malware threats like the BRICKSTORM backdoor and Albiriox Android trojan, and a White House executive order accelerating the transition to post-quantum cryptography.

Filter by Category

New Articles (4)

Cl0p Implicated in Oracle Zero-Day Attacks, Breaching UPenn and University of Phoenix

HIGH

Universities of Pennsylvania and Phoenix Disclose Data Breaches After Oracle E-Business Suite Zero-Day Exploitation, Cl0p Ransomware Gang Suspected

The University of Pennsylvania and the University of Phoenix have both reported data breaches resulting from the exploitation of zero-day vulnerabilities in their Oracle E-Business Suite servers. The attacks have compromised the personal information of at least 1,488 individuals at UPenn and a much larger, unspecified number of students, alumni, and staff at the University of Phoenix. Security researchers suspect the notorious Cl0p ransomware gang is behind the campaign, continuing their pattern of exploiting vulnerabilities in widely used enterprise software for large-scale data theft and extortion. Both institutions are currently notifying affected individuals.

December 8, 2025
5 min read
Cl0pData BreachZero-DayOracleOracle E-Business Suite +3 more
Cl0p Implicated in Oracle Zero-Day Attacks, Breaching UPenn and University of Phoenix

White House Sets 2025 Deadline for Post-Quantum Crypto Readiness

INFORMATIONAL

New White House Executive Order Mandates Key Post-Quantum Cryptography (PQC) Actions by December 2025

The White House has issued a new Executive Order to accelerate the U.S. federal government's transition to post-quantum cryptography (PQC). The order sets a critical deadline of December 1, 2025, for several key initiatives. It directs CISA and the NSA to create and maintain a list of commercially available products that support PQC standards, guiding federal procurement. It also mandates the development of new requirements for federal agencies to support TLS 1.3, a necessary precursor for PQC integration. Additionally, NIST is tasked with updating its Secure Software Development Framework (SSDF) to include practices for developing quantum-resistant software.

December 8, 2025
5 min read
PQCPost-Quantum CryptographyWhite HouseExecutive OrderNIST +4 more
White House Sets 2025 Deadline for Post-Quantum Crypto Readiness

WhatsApp Worm Spreads Astaroth Banking Trojan in New Brazilian Campaign

MEDIUM

Threat Actor STAC3150 Uses WhatsApp Web to Distribute Astaroth Banking Trojan to Brazilian Users

A new malware campaign, tracked as STAC3150, is targeting banking users in Brazil by using WhatsApp Web as a distribution vector for the Astaroth banking trojan. The attack begins with a social engineering lure sent via WhatsApp, which persuades the victim to download a malicious ZIP archive. The archive contains a VBS or HTA file that, when executed, initiates a multi-stage infection process to deploy the Astaroth trojan. Astaroth is a well-known information stealer designed to capture banking credentials and other sensitive data. This campaign highlights the increasing use of popular messaging platforms for malware delivery.

December 8, 2025
4 min read
AstarothBanking TrojanWhatsAppMalwarePhishing +2 more
WhatsApp Worm Spreads Astaroth Banking Trojan in New Brazilian Campaign

SharePoint Flaw Chain Exploited to Deploy Warlock Ransomware

HIGH

Storm-2603 Threat Actor Abuses SharePoint Vulnerabilities and Velociraptor Tool to Deploy Warlock Ransomware

A new attack campaign attributed to the threat actor Storm-2603 is exploiting a chain of Microsoft SharePoint vulnerabilities (CVE-2025-49706, CVE-2025-49704) for initial access. Post-exploitation, the attackers deploy Velociraptor, a legitimate digital forensics and incident response (DFIR) tool, for reconnaissance and persistence. By abusing a trusted tool, the attackers blend in with normal administrative activity, evading detection. In several confirmed incidents, this attack chain culminates in the deployment of the Warlock ransomware. This 'living-off-the-land' technique highlights a sophisticated approach to facilitating ransomware attacks.

December 8, 2025
5 min read
WarlockRansomwareStorm-2603SharePointVelociraptor +2 more
SharePoint Flaw Chain Exploited to Deploy Warlock Ransomware

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.