Have you decoded CVE-2025-66478?

We trust our devices to keep our lives organized, from reminders and appointments to birthdays and holidays. But behind that convenience lies an invisible risk. Every time you subscribe to an external calendar, you may be granting an unknown third party the ability to send events directly to your device for as long as the subscription remains active.

The cybersecurity world is currently buzzing about React2Shell (CVE-2025-55182), a critical remote code execution (RCE) vulnerability affecting React and Next.js. The scale of the threat is massive: researchers have already identified over 77,000 vulnerable IP addresses exposed to the internet, and confirmed that state-sponsored actors and opportunistic crypto miners have already breached at least 30 organizations. But if you look closely, this isn't really a story about React.

Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email addresses. “Microsoft Teams now allows users to send direct chat invitations to any email address, even if recipients aren’t part of a Teams tenant,” the researchers explain.

Implementing Microsoft Purview is not just an IT project – it’s a company-wide transformation that touches nearly every aspect of how your organization manages, protects, and governs data. Success requires aligning diverse perspectives and building consensus across teams. The initial push for Purview can come from many departments. If you are leading the effort, identifying who needs to be involved and understanding why their input matters will be key to driving buy-in and long-term success.

This new guidance amounts to leading Western governments telling OT users (industrial businesses in manufacturing, energy, power, logistics, critical infrastructure, and the like), “Yes, you can use AI in OT, but only if you’re prepared for it to fail and you can recover quickly when it does.”

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo Fareed Cheema is the Global Head of Sales Engineering at Torq, leading worldwide pre-sales strategy, execution, and technical innovation. Over the past 3.5 years, he has helped scale Torq’s technical and go-to-market teams while driving customer success in a rapidly changing security automation market.