
Hello all,
What started out as a quiet week was rudely interrupted on Wednesday by a major vulnerability reveal in React Server Components. More on that in a moment.
Headline NEWS:
- Google released a major Android security update this past week, plugging 107 defects, including two zero-day vulnerabilities that CISA has added to its Known Exploited Vulnerabilities (KEV) catalog and is requiring all federal agencies to patch by December 23rd. I personally used to buy inexpensive brand Android phones; however, the lack of security updates for those phones, and their dubious provenance, have steered me away from them toward known major brands that promise several years of support and regular security updates. If you’re using an out-of-support mobile phone, replace it. The drive-by malware out there is not worth the gamble to you or your enterprise.
- Google Chrome had 13 vulnerabilities patched; several are critical and require immediate attention. Make sure that your Chromium-based browsers are on the latest version to keep from becoming a victim of some enterprising dirtbag.
- Microsoft is hiking prices. This headline shouldn’t surprise anyone, since they already did that to consumers earlier in the year. This announcement signals that Big Redmond feels it needs more from its enterprise clients. On a positive note, several plans will receive enhanced security features as part of the subscription. Depending on the plan, the price may increase from 5.26% to 33.33%. The change is to go into effect in July 2026. Make sure you check the article for details and consult official Microsoft resources for more information.
- React2Shell is the name given to the newly revealed critical defect in the React Server Components (RSC) ‘Flight’ protocol. This vulnerability affects Next.js, react-router, waku, RedwoodSDK, and a bunch of plugins. Active exploitation attempts started a mere few hours after initial disclosure. Researchers at Wiz report that 39% of cloud environments appear to be susceptible to this new attack. It cannot be stressed enough: vet your environment for these components and patch them to fixed versions. If you lived through the Christmas gift that was Log4Shell, you know how serious this type of vulnerability can be. Don’t wait.
In Ransomware, Malware, and Vulnerabilities News:
- Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera is a truly fascinating look into how this evil organization operates and how they continue to evolve.
- Browser extensions pushed malware to 4.3M Chrome, Edge users is an almost unbelievable hack pulled off by Chinese nation-state actors. By releasing, enhancing, and supporting seemingly legitimate and genuinely useful and helpful plugins for years, without a hint of foul play, the hackers built up trust with the community of users. Until one day, malicious code was slipped in that began surreptitiously collecting information from users’ computers and sending it to China. Well played, PRC.
In Other News Events of Note and Interest:
- India attempted to force phone manufacturers to install government software. Thankfully, Apple flat-out refused to install their “Sanchar Saathi security app” and India’s Ministry of Communications backpedaled on Wednesday explaining that they were just trying to keep their citizens safe.
Musings:
The number of AI agentic items flooding into my newsfeed lately seems like a tsunami. I suspect part of it is due to my viewing of those articles and my feed choices being optimized. But that’s not the entire picture. There is a marked uptick in AI agents everywhere for everything. The bandwagon is out in force, attracting people to it. I encourage you to take a pause before you install or interact with the latest helpful agent. Who wrote it, what are the motivations behind the developer, and what is the real-world chance that this particular agent, that you may grow to rely on, will be around and continue to receive support? Sometimes the bandwagon is lively with excitement because it is rolling down a hill, picking up speed before it reaches the cliff.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
- Chrome 143 Released With Fix for 13 Vulnerabilities that Enables Arbitrary Code Execution
- Microsoft announces major Microsoft 365 commercial price hike effective 2026
- Microsoft Adds Intune Suite Features to Microsoft 365 E3/E5 Plans
- Critical Security Vulnerability in React Server Components
- React2Shell critical flaw actively exploited in China-linked attacks
- Attackers hit React defect as researchers quibble over proof
- 15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- Huge cryptomixer takedown sees feds seize over $30 million
- International takedown of cryptocurrency fraud network laundering over EUR 700 million
- Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights
- Twins with hacking history charged in insider data breach affecting multiple federal agencies
- Offensive cyber power is spreading fast and changing global security
- Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
- North Korea lures engineers to rent identities in fake IT worker scheme
- 7 Tbps DDoS Attack Via Aisuru botnet Breaks Internet With New World Record
- Angry Chinese hardware giant takes the US government agency to court; says: Not threat to your national security
Vulnerabilities and Exploits
- CISA Warns of Android 0-Day Vulnerability Exploited in Attacks
- CISA warns of Chinese “BrickStorm” malware attacks on VMware servers
- Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
- PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability
- South Korea police say 120,000 home cameras hacked for ‘sexploitation’ footage
- When Hackers Wear Suits: Protecting Your Team from Insider Cyber Threats
- ShadyPanda browser extensions amass 4.3M installs in malicious campaign
- Threat Actors Leveraging Foxit PDF Reader to Gain System Control and Steal Sensitive Data
- Microsoft Teams’ guest chat feature exposes cross-tenant blind spot
- Public GitLab repositories exposed more than 17,000 secrets
- Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
- Critical Apache bRPC Framework Vulnerability Let Attackers Crash the Server
- Business Continuity Support During the Gainsight Security Advisory
- Microsoft Azure API Management Flaw Enables Cross-Tenant Account Creation, Bypassing Admin Restrictions
- AI agents find $4.6M in blockchain smart contract exploits
- Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
- Bind Link – EDR Tampering
- Older digital control systems allow in hackers
- How attackers use real IT tools to take over your computer
- Researcher tricks Claude into deploying MedusaLocker ransomware
- Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi
- OpenVPN Vulnerabilities Let Hackers Trigger DoS Attacks and Bypass Security Checks
- Hackers Can Hijack Your Dash Cams in Seconds and Weaponize Them for Future Attacks
- Multiple Django Vulnerabilities Enable SQL Injection and Denial-of-Service Attacks
- Microsoft “mitigates” Windows LNK flaw exploited as zero-day
- Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
- European Engineers Keep Finding a Secret Kill Switch in Chinese Buses
- Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number
- Splunk Enterprise Vulnerabilities Allow Privilege Escalation Via Incorrect File Permissions
- Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Phishing, Malware, and Similar
- 68% Of Phishing Websites Are Protected by CloudFlare
- SmartTube YouTube app for Android TV breached to push malicious update
- Browser extensions pushed malware to 4.3M Chrome, Edge users
- Glassworm malware returns in third wave of malicious VS Code packages
- New Albiriox Malware Attacking Android Users to Take Complete Control of their Device
- Inside Valkyrie Stealer: Capabilities, Evasion Techniques, and Operator Profile
- Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure
- Fake Calendly invites spoof top brands to hijack ad manager accounts
- Iran’s ‘MuddyWater’ Levels Up With MuddyViper Backdoor
- Hackers are Moving to “Living Off the Land” Techniques to Attack Windows Systems Bypassing EDR
- North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
- Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday
- Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
- Apple security bounties slashed as Mac malware grows
- Beware of the New ‘Executive Award’ Campaign That Uses ClickFix to Deliver Stealerium Malware
- Tomiris Unleashes “Havoc” With New Tools, Tactics
- Millions of Walmart customers victims of major scam
- Predator spyware uses new infection vector for zero-click attacks
- New wave of VPN login attempts targets Palo Alto GlobalProtect portals
Breaches, Leaks, and Ransomware
- Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data
- Massive Coupang Data Leak Caps Record Year for Cyber Breaches
- French Soccer Federation Hit by Cyberattack, Member Data Stolen
- Dealership vendor 700Credit data breach affects 18,000 stores
- University of Phoenix discloses data breach after Oracle hack
- A data breach at analytics giant Mixpanel leaves a lot of open questions
- University of Pennsylvania confirms new data breach after Oracle hack
- Freedom Mobile discloses data breach exposing customer data
- Ladies’ College Guernsey acts swiftly after security breach
- Marquis data breach impacts over 74 US banks, credit unions
- Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
- Deep dive into DragonForce ransomware and its Scattered Spider connection
- ASUS Reportedly Targeted by Everest Ransomware Group in Major Data Theft
- Everest Ransomware Claims ASUS Breach and 1TB Data Theft
- FinCEN: Ransomware Incidents and Payments Dropped in 2024
- Pharma firm Inotiv discloses data breach after ransomware attack
- Barts Health NHS discloses data breach after Oracle zero-day hack
- The Exploitation of Legitimate Remote Access Tools in Modern Ransomware Campaigns
Other News Events of Note and Interest
- Cool Tool: 3 tools I always keep on my Windows rescue USB that’s saved countless PCs
- Cool Tool: This free, open-source tool can disable internet access for specified apps
- Cool Tool: This free uninstaller removes apps even Windows can’t
- ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
- Proxmox delivers its software-defined datacenter contender
- The RAM Shortage Comes for Us All
- RAMageddon: Lenovo and Dell tipped to raise prices soon
- AWS Rolls Out Backstop to Prevent Outages in US-East-1
- AWS announces preview of AWS Interconnect – multicloud
- Google Workspace Updates: Now available: Create AI agents to automate work with Google Workspace Studio
- Meet Google’s own 10 favorite Chrome extensions of 2025
- 5 Threats That Reshaped Web Security This Year
- India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
- Europe calls for social media ban on teenagers
- Neuralink’s first patient could receive an upgrade
- Facebook and Instagram add new hub to help get hijacked accounts back
- Salesforce’s Marc Benioff Says He Might Rename the Company Agentforce
- Server prices set to jump 15% on memory cost spike
- Gamers confirm frame drops after Windows 11 update that Microsoft won’t acknowledge, but Nvidia has fixed it
- India orders phone makers to preload devices with state-owned cyber safety app
- Apple will reportedly refuse India’s order to preinstall a government app
- India’s government backs down after Apple refuses order to preinstall app
- App Store Accountability Act would make Apple responsible for age checking
- Tor tears out its old relay encryption and drops a tougher system that promises stronger privacy
- People really don’t want Windows 11 on their PCs, says Dell
- I keep these operating systems on a Ventoy USB drive
- The U.S. patent for MP3 audio was granted on this day in 1996 — laid the foundations for peer-to-peer music sharing, iTunes, and today’s streaming services
- Datacenters in space are a terrible, horrible, no good idea
- The Battle Over Africa’s Great Untapped Resource: IP Addresses
- Google Withdraws EU Antitrust Complaint Against Microsoft After New Probe Launched
- Let’s Encrypt to Reduce Certificate Validity from 90 Days to 45 Days
- How CISOs can prepare for the new era of short-lived TLS certificates
- ‘Cassette tape’ made of DNA can store 36 petabytes of data
- TLS 1.3 includes welcome improvements, still has problems
- IBM unveiled its Deep Blue chess supercomputer prototype 30 years ago
AI, LLMs, and Skynet
- Google CEO Sundar Pichai warns US must balance AI regulation or fall behind
- State of AI – An Empirical 100 Trillion Token Study with OpenRouter
- China using AI as ‘precision instrument’ of repression
- AI Adoption Rates Starting to Flatten Out
- Leak confirms OpenAI is preparing ads on ChatGPT for public roll out
- 300,000 AI-Animated Poses in an Instant: My Visit to Disney and the New Reality for Cartoons
- OpenAI desperate to avoid explaining why it deleted pirated book datasets
- ByteDance’s TikTok Playbook Is Winning Consumer AI
- Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
- Mid-size game company in Japan asks potential recruits to draw in front of them to avoid generative AI fraud
Microsoft
- Proving truly nothing is sacred, Microsoft has included the Copilot AI logo on this year’s ugly Windows Christmas sweater
- Microsoft updates the list of Windows 11 supported processors, makes it very confusing
- Immersive events in Microsoft Teams: Now generally available
- Microsoft kills off Mesh in favor of ‘immersive events’ in Teams
- Microsoft mops up Mesh after another metaverse misfire
- Latest Excel update finally solves a major headache for Windows users
- Microsoft Rewards getting major rework in several regions starting January 2026
- Update to EWS Access for Kiosk / Frontline Worker Licensed Users
- Norway’s $2.1 Trillion Fund Backs Microsoft in Human Rights Vote
- Microsoft 365 license check bug blocks desktop app downloads
- Microsoft says new Outlook can’t open some Excel attachments
- New Microsoft 365 Copilot Features : Survey Agent, Build Forms Inside Chat
- Microsoft says Copilot on Windows 11 is getting “Bye” command, MS 365 Copilot coming to Chrome as an extension
- Microsoft bows to user demand and makes Windows 11’s AI Actions optional
- Microsoft 365 Copilot is now available in GCC-High
- It’s not just you: Windows 11’s new Start menu really is huge
- After 30 years, Microsoft is redesigning the Run dialog box on Windows 11
- Addressing .NET EOL installations for Windows Admins
- Windows 11 adds ‘streaming’ to Notepad: Watch AI type letter by letter
- Microsoft can’t fix Windows 11 because it won’t stop breaking it
- Microsoft confirms Windows 11’s taskbar/explorer crashes and stuttering in games during launch, rolls out fixes
- Windows 11 KB5070311 update fixes File Explorer freezes, search issues
- Windows 11 KB5070311 25H2 upgrades dark mode, direct download links for .msu
- Microsoft confirms Windows 11 KB5071142 issues
- Microsoft admits major Windows 11 25H2 UI features broken too alongside 24H2 on some PCs
- Microsoft now letting all supported PCs install Windows 11 25H2 with a toggle
