Daily Recap: exploits ranging from React2Shell flaws in React/Next.js, actively exploited by China-linked groups, to a Cloudflare outage caused by emergency patches highlight persistent risks across web infrastructure. BRICKSTORM activity by PRC-linked actors targeting VMware vSphere in U.S. networks, alongside campaigns such as Array Networks gateway exploitation, the Sha1-Hulud supply-chain worm, and the Intellexa and Predator surveillance tools, illustrates a broad threat landscape. #React2Shell #BRICKSTORM
Vulnerabilities & Outages
- React2Shell flaws in React/Next.js are being actively exploited by China-linked groups, and emergency patches caused a major Cloudflare outage with widespread 500 errors (Sources: React2Shell, Cloudflare Outage)
- Critical RCE in React/Next.js lets attackers run code on servers, expanding the risk from the React2Shell campaign (Source: React RCE)
Nation-State Threats
- BRICKSTORM: CISA and NSA warn that PRC-linked actors are using BRICKSTORM to gain long-term access and target VMware vSphere environments in U.S. networks (Source: BRICKSTORM)
Network Gear Exploits
- An active command injection in Array Networks AG gateways has been exploited since August in Japan, allowing attackers to plant web shells on unpatched devices (Sources: Array AG, Array Webshells)
Spyware & Surveillance
- Intellexa leaks reveal remote-access tooling, zero-days and ad-based delivery vectors used for live surveillance operations (Sources: Intellexa Leak, Intellexa Zero-Days)
- Predator spyware is now employing a new zero-click infection vector, and researchers link sanctioned vendors to an iOS zero-day chain used against Egypt-based targets (Sources: Predator Vector, iOS Zero-Day)
APT Activity & Phishing
- Calisto (Russia-linked) targeted Reporters Without Borders with custom AiTM phishing and a "missing file" lure, matching broader phishing campaigns attributed to Russia (Sources: Calisto, Calisto Phishing)
- Patchwork deployed the StreamSpy trojan, which hides C2 commands in WebSocket traffic for stealth espionage; Silver Fox used a fake Teams installer to deploy ValleyRAT inside China; active targeted campaigns persist (Sources: StreamSpy, ValleyRAT)
DDoS & Botnets
- The Aisuru botnet powered a record-breaking DDoS that peaked at roughly 29 to 29.7 Tbps, marking a new volumetric high for internet-scale attacks (Sources: Aisuru 29 Tbps, Aisuru 29.7 Tbps)
Supply Chain & Infrastructure Abuse
- Sha1-Hulud resurged as an npm/GitHub worm, infecting ~1,000 packages and adding cross-platform, self-destruct and GitHub Actions RCE features in a large supply-chain campaign (Source: Sha1-Hulud)
- Researchers found an Indonesian online gambling network doubling as hidden C2 and anonymity infrastructure abused by threat actors (Source: Gambling C2)
- New analysis shows methods for de-anonymizing threat actors using infostealer intelligence and how attackers leverage legitimate IT tools for takeover and persistence (Sources: Infostealer Intel, Real IT Tools)
Patch & Mitigation
- Google pushed a Chrome update fixing 13 vulnerabilities (including critical CVE-2025-13633 in Digital Credentials) and urges billions of users to update now (Source: Chrome Update)
- Microsoft silently mitigated a Windows LNK zero-day (CVE-2025-9491) exploited in active campaigns by state-backed groups, while authorities added two known-exploited flaws to mandatory catalogs and the NCSC expanded proactive notifications for exposed devices (Sources: Windows LNK, CISA Catalog, NCSC Notifications)
Breaches & Incidents
- Pharma company Inotiv disclosed a data breach following a ransomware attack that exposed sensitive research and personal data (Source: Inotiv Breach)
- Accusations and arrests surface over intentional deletion of government FOIA databases: contractors with prior hacking records and two Virginia brothers are tied to wiping dozens of federal databases, raising alarm about insider and contractor risk (Sources: Contractors Wipe, Virginia Brothers)
Business & Funding
- Lumia Security raised $18M to expand AI security and governance offerings (Source: Lumia $18M)
- Helmet Security emerged from stealth with $9M in funding and new product plans (Source: Helmet $9M)
- 7AI secured $130M in funding for agentic security technology, and the sector saw ~30 M&A deals in November (Sources: 7AI $130M, M&A Roundup)
- An MSP-focused anti-sales guide, "Getting to Yes," and OT password policy guidance were published for defenders and service providers (Sources: MSP Guide, OT Passwords)
Policy, Regulation & Research
- India rolled back an order to preinstall a cybersecurity app on smartphones amid privacy and logistics concerns (Source: India Rollback)
- British officials seek to expand facial recognition use, while Russia blocks FaceTime and Snapchat over alleged misuse in attacks; NATO ran its largest-ever cyber defense exercise as threats rise (Sources: UK Face Recognition, Russia Blocks Apps, NATO Exercise)
- Academic and industry research highlights include using poetry to bypass LLM guardrails about 50% of the time and new methods to de-anonymize attackers from infostealer data (Sources: LLM Guardrails, De-anonymizing Threats)