React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182
#CVE_2025_55182
https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
The Threat Codex is a website that tracks news articles on threat actors, malware, and vulnerabilities.
Gogs 0-Day Exploited in the Wild
#CVE_2025_8110 #CVE_2024_55947
https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation
#Storm_0249
https://reliaquest.com/blog/threat-spotlight-storm-0249-precision-endpoint-exploitation/
Telegram Passkeys: End of OTP Authentication
#Telegram
https://www.corbado.com/blog/telegram-passkeys
NANOREMOTE, cousin of FINALDRAFT
#REF7707 #NANOREMOTE #WMLOADER
https://www.elastic.co/security-labs/nanoremote
Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit
#GhostFrame
https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit
New BYOVD loader behind DeadLock ransomware attack
#DeadLockRansomware #CVE_2024_51324 #EDRGay.exe
https://blog.talosintelligence.com/byovd-loader-deadlock-ransomware/
Return of ClayRat: Expanded Features and Techniques
#ClayRat
https://zimperium.com/blog/return-of-clayrat-expanded-features-and-techniques
SEEDSNATCHER: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
#SEEDSNATCHER
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
New FvncBot Android banking trojan targets Poland
#FvncBot
https://www.intel471.com/blog/new-fvncbot-android-banking-trojan-targets-poland
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
#JACKPOTPANDA #EarthLamia #CVE_2025_55182
https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks
#UTA0355
https://www.volexity.com/blog/2025/12/04/dangerous-invitations-russian-threat-actor-spoofs-european-security-events-in-targeted-phishing-attacks/
Critical Security Vulnerability in React Server Components
#CVE_2025_55182
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
#WarpPanda #Junction #GuestConduit
https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats/
French NGO Reporters Without Borders targeted by Calisto in recent campaign
#Calisto
https://blog.sekoia.io/ngo-reporters-without-borders-targeted-by-calisto-in-recent-campaign/
DNS Uncovers Infrastructure Used in SSO Attacks
#Evilginx
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
MuddyWater: Snakes by the riverbank
#MuddyWater #MuddyViper
https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/
Small numbers of Notepad++ users reporting security woes
#Notepad++
https://doublepulsar.com/small-numbers-of-notepad-users-reporting-security-woes-371d7a3fd2d9
How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine Operations
#PrimitiveBear #CVE_2025_6218
https://blog.synapticsystems.de/how-a-russian-threat-actor-uses-recent-winrar-vulnerability-in-their-ukraine-operations/
Russia limits WhatsApp use, claiming it enables terrorism, crime, espionage
#WhatsApp
https://therecord.media/russia-whatsapp-restrictions