Global Patching Scramble as Critical "React2Shell" RCE Vulnerability Sees Widespread Exploitation

Publication Date: December 9, 2025

Summary

This cybersecurity brief for December 9, 2025, covers a critical unauthenticated RCE vulnerability, dubbed "React2Shell" (CVE-2025-55182), affecting React Server Components and now under active exploitation by multiple threat actors, including state-sponsored groups. Other major developments include the DeadLock ransomware using a novel "Bring Your Own Vulnerable Driver" technique to disable EDRs, the evolution of IAB Storm-0249's tactics, and a new "code-to-cloud" attack vector abusing leaked GitHub Personal Access Tokens. The brief details these threats, provides technical analysis, and offers actionable mitigation strategies for defenders.

Today's New Articles

DeadLock Ransomware Uses Vulnerable Baidu Driver to Blind EDRs

A new DeadLock ransomware campaign is leveraging a novel "Bring Your Own Vulnerable Driver" (BYOVD) loader to exploit a vulnerability (CVE-2024-51324) in a legitimate Baidu Antivirus driver, `BdApiUtil.sys`. This technique allows the threat actors to terminate...


Code-to-Cloud Attacks: Leaked GitHub Tokens Become Keys to the Kingdom

Security researchers at Wiz have detailed an emerging "code-to-cloud" attack vector where threat actors leverage compromised GitHub Personal Access Tokens (PATs) to pivot from code repositories directly into production cloud environments. By abusing the trust...


New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics

A new, sophisticated variant of the Mirai botnet, dubbed "Broadside," is actively exploiting a command injection vulnerability (CVE-2024-3721) in TBK Digital Video Recorder (DVR) devices. According to research from Cydome, the campaign specifically targets the...


AI Threat Hunting Exposes 'GhostPenguin,' a Linux Backdoor Undetected for Months

Researchers at Trend Micro have discovered "GhostPenguin," a sophisticated, multi-threaded Linux backdoor written in C++. The malware remained completely undetected on VirusTotal for over four months after its initial submission. It was ultimately found using...


Vishing Attackers Impersonate IT on Teams, Trick Users into Running Fileless Malware

A sophisticated vishing (voice phishing) campaign is abusing trusted enterprise tools to deploy stealthy malware. Attackers impersonate IT support staff on Microsoft Teams, convincing users to initiate a Windows Quick Assist session. Once they have remote acce...


IBM Rolls Out Critical Patches for AIX, Cloud Pak, and Other Enterprise Software

IBM has released a wave of security updates addressing vulnerabilities in numerous enterprise products, prompting an advisory from the Canadian Centre for Cyber Security. The bulletins, published between December 1 and December 7, 2025, include critical patche...


Race for Secure Digital Identity Heats Up with New Platforms from IBM and Turing Space

The digital identity space is seeing rapid innovation as IBM launches "Verify Digital Credentials," a new platform for issuing and authenticating secure digital documents like licenses and academic records. Built on open standards, it aims to reduce breach ris...

Article Updates

Supply Chain Attack: Marquis Software Breach Hits 74 Banks, Akira Ransomware Suspected

Update: New information reveals the Marquis Software breach may affect up to 780,000 customers, an increase from initial estimates. The attack, detected August 14, 2025, specifically exploited SonicWall vulnerability CVE-2024-40766. Reports suggest Marquis may have pa...