Daily Digest

React2Shell Mass Exploitation, Microsoft Zero-Day Patch, and NPM Supply Chain Chaos Dominate Threat Landscape

React2Shell Mass Exploitation, Microsoft Zero-Day Patch, and NPM Supply Chain Chaos Dominate Threat Landscape

December 10, 2025
3 articles (3 new)
10 min read

Summary

This cybersecurity brief for December 10, 2025, covers a period of intense activity, headlined by the widespread, multi-actor exploitation of the critical 'React2Shell' RCE vulnerability (CVE-2025-55182). Other major events include Microsoft's December Patch Tuesday addressing an actively exploited Windows zero-day, a massive NPM supply chain attack dubbed 'Shai-Hulud 2.0' that exfiltrated over 400,000 secrets, and a reported 700% surge in ransomware attacks targeting hypervisor infrastructure. The landscape is further marked by warnings of pro-Russian hacktivists targeting industrial systems and several large-scale data breaches.

Filter by Category

New Articles (3)

Data Disaster: 4.3 Billion Records Leaked from Unprotected MongoDB Instance

HIGH

Massive Data Leak Exposes 4.3 Billion Professional Records, Including LinkedIn Data, from Open MongoDB Instance

One of the largest lead-generation data leaks ever recorded has been discovered by researchers from Cybernews and Bob Diachenko. An unprotected MongoDB instance, left publicly accessible without a password, exposed a staggering 4.3 billion documents, totaling 16.14 terabytes of data. The dataset contains highly detailed and structured professional and corporate intelligence, with much of the information appearing to be scraped from LinkedIn. Exposed data includes names, email addresses, phone numbers, employment history, and LinkedIn profile details. While the database was secured two days after discovery, the unknown duration of its exposure creates a significant risk of this data being used for sophisticated phishing, social engineering, and identity theft campaigns on a massive scale.

December 10, 2025
5 min read
Data LeakData BreachMongoDBMisconfigurationCloud Security +1 more
Data Disaster: 4.3 Billion Records Leaked from Unprotected MongoDB Instance
Data Breach
Cloud Security
Policy and Compliance

OPSEC Fail: North Korean Spy 'Trevor Greer' Exposed by Own Infostealer Infection

MEDIUM

North Korean APT Operator 'Trevor Greer' Unmasked After Infecting Own Machine with Infostealer

In a major operational security (OPSEC) failure, a North Korean state-sponsored hacker was unmasked after accidentally infecting their own machine with commodity infostealer malware like LummaC2. The leaked logs, analyzed by Flashpoint and Hudson Rock, exposed the digital life of an operative using the persona 'Trevor Greer.' The data revealed fake identities, cryptocurrency ventures, and, most notably, a direct link to the $1.5 billion cryptocurrency heist from the exchange Bybit. The actor had registered a phishing domain, 'Bybit-assessment.com,' prior to the attack. This rare glimpse into an APT operator's personal machine highlights that even sophisticated actors make human errors, providing invaluable intelligence for defenders.

December 10, 2025
5 min read
APTNorth KoreaOPSECInfostealerLummaC2 +2 more
OPSEC Fail: North Korean Spy 'Trevor Greer' Exposed by Own Infostealer Infection
Threat Actor
Threat Intelligence
Cyberattack

GrayBravo MaaS Fuels Cybercrime with CastleLoader Malware

MEDIUM

Malware-as-a-Service Operation 'GrayBravo' Supplies CastleLoader to Four Distinct Threat Clusters

The cybercrime ecosystem is becoming more industrialized with the rise of Malware-as-a-Service (MaaS) operations like 'GrayBravo.' According to Recorded Future's Insikt Group, GrayBravo is developing and distributing a sophisticated loader called CastleLoader to at least four separate threat clusters. These clusters then use the loader to deploy various payloads, including RedLine Stealer and NetSupport RAT. The campaigns show specialization, with one group targeting the logistics sector using phishing and social engineering, while another uses Booking.com lures to target the hospitality industry. GrayBravo's operation, which features rapid development and a large infrastructure, exemplifies how MaaS providers empower less-skilled actors to launch effective and widespread attacks.

December 10, 2025
5 min read
MaaSGrayBravoCastleLoaderCybercrimeRedLine Stealer +1 more
GrayBravo MaaS Fuels Cybercrime with CastleLoader Malware
Malware
Threat Actor
Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats