%term

Critical React2Shell RCE Hits React and Next.js (CVE-2025-55182 / CVE-2025-66478)

Dec 19, 2025 By Sanskriti Jain In Astra

React2Shell is a severe remote, unauthenticated RCE vulnerability recently uncovered in React Server Components (RSC) and the Next.js App Router — tracked as CVE-2025-55182, with CVE-2025-66478 later merged as a duplicate — that allows attackers to execute arbitrary code on servers by exploiting insecure Flight protocol deserialization (CWE-502), earning the flaw a maximum CVSS score of 10.0.

Read Post

Astra

Read more about Critical React2Shell RCE Hits React and Next.js (CVE-2025-55182 / CVE-2025-66478)

Brave Search MCP in Action!

Dec 19, 2025 By Snyk In Snyk

Brave Search MCP in Action!

View Video

Snyk

Read more about Brave Search MCP in Action!

Detecting CVE-2025-20393 exploitation: catching UAT-9686 on Cisco appliances

Dec 19, 2025 By David Burkett In Corelight

CVE-2025-20393 is a CVSS 10.0 Remote Code Execution (RCE) flaw in Cisco Secure Email Gateways currently being actively exploited by China-nexus groups. A recent advisory from Cisco Talos details how an actor dubbed “UAT-9686” is leveraging this vulnerability to target Cisco Secure Email Gateways (ESA) and Secure Email and Web Managers (SMA). The attack allows threat actors to execute arbitrary commands with root privileges and deploy persistence mechanisms.

Read Post

Corelight

Read more about Detecting CVE-2025-20393 exploitation: catching UAT-9686 on Cisco appliances

CVE-2025-20393: Threat Campaign Targeting Cisco Secure Email Gateway, Cisco Secure Email and Web Manager

Dec 19, 2025 By Julian Tuin In Arctic Wolf

On December 17, 2025, Cisco published an advisory detailing a new threat campaign identified on December 10, affecting the Cisco AsyncOS software used on Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The campaign is exploiting an unpatched zero-day vulnerability, which only affects deployments with the Spam Quarantine feature enabled. It allows threat actors to execute arbitrary commands with root privileges on affected devices. This feature is not enabled by default.

Read Post

Arctic Wolf

Read more about CVE-2025-20393: Threat Campaign Targeting Cisco Secure Email Gateway, Cisco Secure Email and Web Manager

An Industry Analyst's Take on Nucleus 3.0

Dec 19, 2025 By Nucleus Security In Nucleus

In this episode of Nucleus Conversations, industry analyst and researcher Jon Oltsik unpacks the current state of exposure management, why so many organizations still struggle to manage cyber risk at scale, and the impact the recent Nucleus 3.0 releases will have for customers.

View Video

Nucleus

Read more about An Industry Analyst's Take on Nucleus 3.0

Bug bounties and broken CVEs with Bryan Brake

Dec 19, 2025 By LimaCharlie In LimaCharlie

Join us for this week's Defender Fridays as we explore bug bounty programs, vulnerability management, and the complexities of the CVE system with Brian Break, a veteran security professional with twenty years of experience across endpoint security, consulting, and product security. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

View Video

LimaCharlie

Read more about Bug bounties and broken CVEs with Bryan Brake

CVE-2025-14733: WatchGuard Firebox iked Out of Bounds Write Vulnerability Exploited in the Wild

Dec 19, 2025 By Andres Ramos In Arctic Wolf

On December 18, 2025, WatchGuard released fixes for CVE-2025-14733, a critical out-of-bounds write vulnerability in the Internet Key Exchange daemon (iked) process used to establish VPN tunnels in Fireware OS, which powers Firebox firewall appliances. Exploitation of this vulnerability allows a remote, unauthenticated threat actor to execute arbitrary code. WatchGuard has confirmed in-the-wild exploitation in their advisory.

Read Post

Arctic Wolf

Read more about CVE-2025-14733: WatchGuard Firebox iked Out of Bounds Write Vulnerability Exploited in the Wild

CVE-2025-55182: First Days of React2Shell Exploitations

Dec 18, 2025 By João Godinho In BitSight

On December 3rd Lachlan Davidson disclosed an unauthenticated remote code execution vulnerability in React Server Components (RSC) that exploits how React.js (and Next.js) decodes payloads sent to React Server Function endpoints. On December 4th we started observing fingerprinting attempts for these vulnerabilities and on December 5th we started observing exploitation attempts. React.js is used by 66% of the global digital supply, in the top 0.06% of all technologies.

Read Post

BitSight

Read more about CVE-2025-55182: First Days of React2Shell Exploitations

Lazarus Group (APT38 / APT-C-26) Exploits WinRAR Vulnerability CVE-2025-8088 for Archive Poisoning Attacks

Dec 18, 2025 By Foresiet In Foresiet

During routine threat research and monitoring of Chinese-language underground distribution channels, our team identified a malicious RAR archive. Specifically, this archive abuses a critical WinRAR directory traversal vulnerability to achieve arbitrary file write and persistence on Windows systems. To accomplish this, the archive leverages a combination of NTFS Alternate Data Streams (ADS) and directory traversal logic.

Read Post

Foresiet

Read more about Lazarus Group (APT38 / APT-C-26) Exploits WinRAR Vulnerability CVE-2025-8088 for Archive Poisoning Attacks

Looking Ahead to 2026: Why Cyber Economics Will Redefine the CISO's Mandate

Dec 18, 2025 By Jeff Gouge In Nucleus

Cybersecurity in 2026 will be driven by economics. Not hype. Not novelty. Economics. Attackers follow financial incentives and scale their operations faster than most enterprises can defend. CISOs must shift from reporting technical metrics to explaining business impact, guide safe AI adoption as Shadow AI grows, and design programs that emphasize resilience over perfection.

Read Post