CyberSecurity Knuggets
Dec 09, 2025
Email 1:
Subject: Risky Bulletin: APTs go after the React2Shell vulnerability within hours
Summary:
– At least two Chinese APT groups, Earth Lamia and Jackpot Panda, have exploited the newly disclosed React2Shell vulnerability (CVE-2025-55182) in the React Server Components framework.
– Attacks began within hours of disclosure.
– React2Shell is a critical (10/10 severity) deserialization vulnerability allowing unauthenticated remote code execution on affected React server components.
– Over 77,000 React server component instances are exposed on the internet.
– The vulnerability also affects related frameworks like Next.js, Waku, Parcel.js, and Redwood.
– Fixes have been released and CDN providers have deployed mitigations.
– The framework's widespread use and the ease of exploitation mean the vulnerability will remain a long-term threat.
– Other significant recent incidents include breaches at companies like Coupang, Gmarket, and Freedom Mobile, and various cybercrime prosecutions and campaigns worldwide.
Email 2:
Subject: 77,000-plus IP addresses are vulnerable to maximum severity React2Shell flaws
Summary:
– Security researcher Lachlan Davidson discovered and reported React2Shell, a maximum severity (10/10) remote code execution vulnerability in React Server Components (“Flight” protocol).
– Over 77,000 internet-exposed IP addresses are vulnerable.
– Researchers confirm attackers have already compromised over 30 organizations across multiple sectors.
– The flaw arises from insecure deserialization and allows RCE without authentication.
– Affected React versions include 19.0 through 19.2.0; affected Next.js versions run from 14.3.0-canary through the 16.x line, for releases below the patched versions.
– Other frameworks implementing React Server Components, such as Vite, Parcel, Redwood, and Waku, may also be vulnerable.
– Researchers warn against fake proof-of-concept exploits circulating.
– Patches are available and must be applied immediately.
– Additional news includes UK NCSC warning that AI prompt injection threats may be impossible to fully mitigate; Apple and Google issuing spyware warnings; a Japanese high school student arrested for cyberattacks aided by ChatGPT; and the US offering a $10M reward for Iranian hackers linked to IRGC operations.
– Also reported: a critical Apache Tika vulnerability enabling XXE injection and ongoing legal reforms in Portugal providing protections for security researchers.
Email 3:
Subject: Cyber AI Virtual Summit – Register Now
Summary:
– The Cyber AI & Automation Virtual Summit is scheduled for December 10-11, 2025.
– The event will explore predictive AI, machine learning, and automation’s applications and implications in cybersecurity.
– Curated sessions aim to educate, inspire, and provoke new thinking about AI-powered enterprise security and adversarial AI threats.
– Registration and agenda available via provided links.
– The event is sponsored and distributed by SecurityWeek.
Email 4:
Subject: White House releases National Security Strategy | The CyberWire 12.8.25
Summary:
– The US White House released the new National Security Strategy outlining global priorities under the Trump administration.
– The strategy's cyber priorities emphasize economic power, industrial capacity, supply chain control, critical infrastructure resilience, and stronger network defense and offensive cyber capabilities.
– The strategy promotes public-private partnerships and reducing regulation to foster competitiveness and innovation.
– UK’s NCSC issued a report warning about AI prompt injection attacks manipulating large language models, noting these differ fundamentally from SQL injection and may never be fully mitigated.
– A Maryland man was sentenced to 15 months in prison for identity fraud linked to North Korean nationals who performed unauthorized work for US government contractors.
– The issue also includes sponsored content for cybersecurity products and listings of upcoming webinars and events.
Email 5:
Subject: Exploitation of React2Shell Surges
Summary:
– Exploitation of the React2Shell vulnerability has surged recently.
– Google enhanced protections for Chrome Agentic AI against indirect prompt injection attacks.
– Cybersecurity industry news includes large ransomware payments and critical Apache Tika XXE vulnerabilities.
– A Cloudflare outage was caused by the deployment of React2Shell mitigations.
– A warning was issued about Chinese malware used for long-term persistence in US organizations.
– Additional reporting on cybercrime arrests and research.
– Industry investments, acquisitions, and funding rounds noted.
– Advice and insights about Microsoft 365 backup and AI-enhanced phishing defense.
– Coverage of AI threat detection startups and agentic browser security concerns.
– India reverses decision to mandate preinstalled cybersecurity apps on smartphones.
– The letter includes various other cybersecurity news and updates.
Stay Well!
