Critical React2Shell Flaw Under Widespread Attack, CISA Warns of Fortinet Exploit, and AI Fuels Cloud Risk
Summary
This cybersecurity brief for December 17, 2025, covers a surge in critical vulnerability exploitation. A CVSS 10.0 flaw in React, dubbed 'React2Shell,' is being widely abused by both state actors and cybercriminals to deploy backdoors and miners. CISA has added a critical, actively exploited Fortinet SSO vulnerability to its KEV catalog. Meanwhile, a new Palo Alto Networks report reveals that rapid AI adoption is massively expanding the cloud attack surface, with 99% of organizations reporting attacks on their AI systems. Other major events include a cyberattack on the French Interior Ministry, a novel 'ConsentFix' phishing technique bypassing MFA to hijack Microsoft accounts, and a large-scale malware alert in New Zealand for Lumma Stealer infections.
Today's New Articles
AI Adoption Fuels 'Massive' Cloud Attack Surface Expansion, Palo Alto Networks Report Warns
Palo Alto Networks' 2025 'State of Cloud Security Report' reveals that the rapid adoption of AI is creating an unprecedented expansion of the cloud attack surface. The study, surveying 2,800 security leaders, found that 99% of organizations have had their AI s...
French Interior Ministry Confirms Cyberattack Compromised Email Servers
The French Ministry of the Interior has confirmed its email servers were compromised in a cyberattack detected between December 11 and 12, 2025. Interior Minister Laurent Nuñez stated that attackers stole staff email passwords, allowing them to access an unkno...
New 'ConsentFix' Phishing Attack Hijacks Microsoft Accounts, Bypassing MFA via Azure CLI Abuse
A novel and sophisticated phishing attack dubbed 'ConsentFix' allows attackers to hijack Microsoft accounts without stealing passwords or bypassing multi-factor authentication (MFA). Discovered by Push Security, the browser-native attack tricks users into comp...
In a first-of-its-kind campaign, New Zealand's National Cyber Security Centre (NCSC) is emailing approximately 26,000 people to warn them of potential infection by the Lumma Stealer malware. The potent information-stealing software targets Windows devices to c...
MITRE Extends D3FEND Cybersecurity Framework to Operational Technology (OT)
MITRE has officially extended its D3FEND cybersecurity framework to include Operational Technology (OT), providing a standardized knowledge base of defensive techniques for cyber-physical systems. Announced on December 16, 2025, the NSA-funded initiative aims...
'Operation MoneyMount-ISO' Phishing Campaign Deploys Phantom Stealer via Malicious ISOs
A financially motivated, Russian-language phishing campaign dubbed 'Operation MoneyMount-ISO' is actively targeting finance and accounting departments to deploy the Phantom information-stealing malware. According to researchers at Seqrite Labs, the attack uses...
Article Updates
Storm-0249 Evolves: Access Broker Now Deploys Ransomware with Advanced Stealth Tactics
Update: Push Security has released a new browser-based 'malicious copy-and-paste detection' feature designed to combat 'ClickFix' social engineering attacks. This tool directly addresses the technique where users are tricked into copying malicious code from websites a...