Daily Digest

React2Shell Ignites Global Exploitation Frenzy; Microsoft Patches Actively Exploited Zero-Day

React2Shell Ignites Global Exploitation Frenzy; Microsoft Patches Actively Exploited Zero-Day

December 13, 2025
5 articles (4 new, 1 updated)
15 min read

Summary

This cybersecurity brief for December 13, 2025, covers a critical period marked by widespread, active exploitation of the 'React2Shell' vulnerability (CVE-2025-55182) by both criminal and state-sponsored actors, prompting urgent CISA directives. Concurrently, Microsoft's December Patch Tuesday addressed 57 flaws, including an actively exploited Windows zero-day (CVE-2025-62221). Other major incidents include a new Chrome zero-day on macOS, an unpatched zero-day in the Gogs Git service, a major npm supply chain attack by the 'Shai-Hulud 2.0' worm, and new campaigns from the Makop ransomware group and the Hamas-linked WIRTE APT.

Filter by Category

New Articles (4)

Stealthy NANOREMOTE Backdoor Abuses Google Drive API for C2 Communications

HIGH

New Windows Backdoor 'NANOREMOTE' Leverages Google Drive API for Covert Command and Control

A new and fully-featured Windows backdoor, dubbed NANOREMOTE, has been discovered by Elastic Security Labs. Written in C++, the malware distinguishes itself by using the Google Drive API for all command-and-control (C2) communications, allowing it to blend in with legitimate cloud traffic and evade traditional network security. The malware, which shares characteristics with the FINALDRAFT implant, is capable of reconnaissance, file transfer, and command execution. This tactic poses a significant challenge for organizations, especially those using Google Workspace, as it makes detecting malicious activity within sanctioned cloud services difficult.

December 13, 2025
5 min read
NANOREMOTEBackdoorMalwareGoogle DriveC2 +3 more
Stealthy NANOREMOTE Backdoor Abuses Google Drive API for C2 Communications
Malware
Threat Intelligence
Cloud Security

OpenAI Unveils Strategy to Manage 'High' Risk AI Cybersecurity Threats

INFORMATIONAL

OpenAI Outlines Plan to Mitigate Cybersecurity Risks from Advanced AI Models

OpenAI has announced its strategy for managing the significant cybersecurity risks posed by its increasingly powerful AI models. The company will now treat all future models as potentially 'High' risk under its Preparedness Framework, capable of automating vulnerability discovery and exploitation. Key components of the plan include forming a 'Frontier Risk Council' of external experts, creating a tiered, trusted access program for cyber defense tools, and collaborating with industry partners. The move reflects growing concerns over the potential weaponization of AI for malicious cyber operations.

December 13, 2025
3 min read
AIArtificial IntelligenceOpenAICybersecurity PolicyRisk Management +1 more
OpenAI Unveils Strategy to Manage 'High' Risk AI Cybersecurity Threats
Policy and Compliance
Threat Intelligence

CISA Updates Cybersecurity Performance Goals for Critical Infrastructure

INFORMATIONAL

CISA Releases Updated Cybersecurity Performance Goals (CPGs) for Critical Infrastructure

On December 11, CISA released an updated version of its voluntary Cybersecurity Performance Goals (CPGs), designed to help critical infrastructure operators bolster their defenses. The new version aligns with the latest NIST standards and places a stronger emphasis on governance, accountability, and risk management. The CPGs provide a baseline of measurable cybersecurity actions that organizations, including those in the healthcare sector, can take to protect against common and impactful threats, promoting a more resilient and proactive security posture.

December 13, 2025
3 min read
CISACPGCybersecurity Performance GoalsCritical InfrastructureNIST +2 more
CISA Updates Cybersecurity Performance Goals for Critical Infrastructure
Policy and Compliance
Regulatory

Makop Ransomware Evolves, Using GuLoader and New Exploits in Attacks on India

HIGH

Makop Ransomware Campaign Leverages GuLoader, AgentTesla, and Privilege Escalation Exploits

A new campaign by the Makop ransomware group is primarily targeting enterprises in India, with additional victims in Brazil and Germany. The attackers continue to use brute-force attacks against exposed RDP services for initial access. Once inside, they now use the GuLoader downloader to deliver secondary payloads like the AgentTesla and FormBook infostealers. For privilege escalation, the group is exploiting vulnerabilities like CVE-2025-7771 in the ThrottleStop driver to gain kernel-level access and disable security products before deploying the final ransomware payload.

December 13, 2025
5 min read
MakopRansomwareGuLoaderPhobosRDP +3 more
Makop Ransomware Evolves, Using GuLoader and New Exploits in Attacks on India
Ransomware
Threat Actor
Malware

Updated Articles (1)

Google Patches Eighth Chrome Zero-Day of 2025 Under Active Attack

CRITICAL

Google Issues Emergency Patch for Actively Exploited High-Severity Chrome Zero-Day Vulnerability

Update:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added the actively exploited Google Chrome zero-day to its Known Exploited Vulnerabilities (KEV) catalog, assigning it CVE-2025-14174. This high-severity flaw, an out-of-bounds memory access issue in ANGLE, is confirmed to specifically impact Chrome browsers on macOS. CISA's listing mandates U.S. federal agencies to patch immediately. All users, particularly those on macOS, are urged to update their Chrome browsers to version 143.0.7499.110 or later to mitigate the threat of remote code execution via malicious webpages. This update formalizes the critical nature and widespread threat of this vulnerability.

December 12, 2025
Updated: December 13, 2025
4 min read
ChromeZero-DayBrowser SecurityEmergency PatchANGLE +1 more
Google Patches Eighth Chrome Zero-Day of 2025 Under Active Attack
Vulnerability
Patch Management

📢 Share This Publication

Help others stay informed about cybersecurity threats