I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱 My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday or scroll to the bottom to subscribe to the e-mail newsletter.

1. Urgent Active Exploitation of React2Shell (CVE-2025-55182) RCE Across React Ecosystem

A critical remote code execution vulnerability in React Server Components (CVE-2025-55182), dubbed “React2Shell,” is being actively exploited by automated scanners and multiple threat groups, including China-nexus and North Korean actors. The flaw affects React, Next.js and other RSC-enabled frameworks. Security researchers report that attackers are abusing it to install crypto-miners, credential stealers and a variety of backdoors and RATs.

Key Details

  • Over 165,000 vulnerable IPs and 644,000 domains identified by Shadowserver
  • Payloads include XMRig, EtherRAT, BPFDoor, PeerBlight, Cobalt Strike, Sliver, NoodleRAT, Kaiji and more
  • Initial exploits traced to Chinese and DPRK-linked groups days after public disclosure
  • CISA added CVE-2025-55182 to its Known Exploited Vulnerabilities catalog with a December 12 patch deadline

Next Steps

  • Upgrade React Server Components to version 19.2.1 or later
  • Audit Next.js and container workloads for unauthorized Node.js processes

Read more at Cybersecurity News, SecurityWeek, The Hacker News, Cybersecurity News (Google GTIG), Cybersecurity News, SecurityWeek

2. Gartner Urges Enterprises to Block AI Browsers Over Data Risks

Gartner analysts advise organizations to block AI browsers such as ChatGPT Atlas and Perplexity Comet due to irreversible data exposure, prompt-injection vulnerabilities, and reported flaws in token storage. With AI browsers already in use—up to 10% of employees in some firms—CISOs must enforce network and endpoint controls and restrict pilot projects to low-risk scenarios.

Key Details

  • 27.7% of organizations report at least one user with an AI browser installed.
  • ChatGPT Atlas stored OAuth tokens unencrypted on macOS, per Teamwin’s disclosure.
  • “CometJacking” flaw in Perplexity Comet could exfiltrate data to attacker servers.

Next Steps

  • Audit and block unauthorized AI browser installations.
  • Update acceptable-use policies to prohibit enterprise AI browsers.

Read more at CSO Online


3. Microsoft Extends Bug Bounty Program to Third-Party and Open Source Code

Microsoft now rewards critical vulnerability reports on any third-party or open source code affecting its online services under its “In Scope by Default” model, broadening its bug bounty scope for stronger cloud security.

Key Details

  • All Microsoft online services are automatically in scope from launch.
  • Critical flaws in third-party libraries and open source components now eligible.
  • Eliminates product-by-product scope definitions for clearer researcher guidance.
  • Part of Microsoft’s Secure Future Initiative to align rewards with real-world risk.

Next Steps

  • Evaluate the possibility of extending your own bug bounty program scope to include critical third parties

Read more at SecurityWeek, SiliconANGLE


4. Researchers Jailbreak AI Safety Guardrails Using Poetic Prompts

Researchers demonstrated that reframing dangerous requests as rhyming poetry increases successful jailbreaks from around 8% to 43% on average across 20+ large language models, with some showing up to 100% compliance in single-turn tests. This creative attack vector can coax detailed instructions for malware, CBRN threats, or other harmful content without multi-step manipulation.

Key Details

  • 1,200 prompts across 12 hazard categories (CBRN, cyber-offense, hate, privacy, etc.)
  • Average Attack Success Rate rose to 43.07% with poetic form versus 8.08% baseline
  • DeepSeek (72%) and Google Gemini (66%) most vulnerable; Anthropic & OpenAI saw smaller gains
  • Smaller models (e.g., GPT-5 nano, Claude Haiku) showed higher refusal rates than their larger counterparts

Read more at Dark Reading, CSO Online


5. Malicious VS Code Extensions Hide Trojan in Fake PNG to Target Developers

A campaign of 19 rogue VS Code Marketplace extensions active since February 2025 hid a trojan payload inside a fake banner.png file and modified trusted dependencies to execute on IDE startup.

Key Details

  • 19 malicious extensions, all reported to and removed by Microsoft.
  • Trojan disguised as banner.png archive, launched via built-in cmstp.exe.
  • Attackers tampered with “path-is-absolute” (9 billion+ downloads) and “@actions/io” dependencies.
  • Active since February 2025; VS Code malware detections nearly quadrupled year-over-year.

Next Steps

  • Audit and whitelist trusted VS Code extension publishers.

Read more at HackRead, Cybersecurity News, BleepingComputer, ReversingLabs Blog


6. Malicious VS Code and IDE Extensions Compromise Developer Environments

Attackers are publishing malicious extensions to VS Code, Cursor AI and other IDE marketplaces, harvesting credentials, screenshots and Wi-Fi passwords and deploying backdoors on developer machines.

The VS Code extensions masquerade as a premium dark theme and an AI-powered coding assistant but actually harbor covert functionality to download additional payloads, take screenshots and siphon data, which is then sent to an attacker-controlled server.

The payloads evade Microsoft’s sandbox through geofencing and exploit open marketplaces such as OpenVSX that perform little or no security review. Compromised developer endpoints therefore pose a critical supply-chain risk for organizations.

Key Details

  • Researcher Mazin Ahmed found “Piithon-linter” passed Microsoft’s security screening, exfiltrating env vars and installing a Merlin C2 agent upon VS Code launch.
  • Two extensions—BigBlack.bitcoin-black and BigBlack.codo-ai—stole screenshots, clipboard data, Wi-Fi credentials and browser sessions before Microsoft removed them.

Next Steps

  • Audit and remove untrusted VS Code/Cursor AI extensions immediately.
  • Enforce an allowlist for IDE extensions and block external marketplaces.

Read more at Cybersecurity News, The Hacker News, HackRead, Bleeping Computer



7. Google Fortifies Chrome’s Agentic AI Against Indirect Prompt Injection Attacks

Google has rolled out a multi-layer security architecture for Chrome’s new agentic AI features to guard against indirect prompt-injection and unauthorized actions. Core elements include a User Alignment Critic, strict origin-set boundaries, user confirmations for sensitive steps, real-time threat detection, and continuous red-teaming.

Key Details

  • The User Alignment Critic runs after planning and blocks actions that do not match the user’s goal.
  • Agent Origin Sets separate read-only and read-write origins, gating each new site on relevance.
  • The agent requests confirmation before banking or healthcare navigation, password use, purchases, or messages.
  • A prompt-injection classifier runs in parallel to prevent maliciously triggered actions.
  • Google is red-teaming with sandboxed sites and offering up to $20,000 for breach demos.

Read more at SecurityWeek, The Hacker News, CSO Online, Google Security Blog

8. US Treasury: Ransomware Payments Surpassed $4.5 Billion Through 2024

FinCEN’s latest report shows organizations paid over $4.5 billion in ransoms by end-2024, driven by a record $1.1 billion in 2023. Incidents dipped slightly to 1,476 in 2024, but payments remained high at $734 million, with most individual ransoms under $250,000. Financial services, manufacturing and healthcare sectors saw the greatest impact, and Bitcoin continues as the dominant payment currency.

Key Details

  • 4,194 ransomware incidents reported Jan 2022–Dec 2024 (1,512 in 2023; 1,476 in 2024)
  • Median payment rose from $124K in 2022 to $175K in 2023, then fell to $155K in 2024
  • Top affected industries by volume: manufacturing (456), financial services (432), healthcare (389)
  • Leading ransomware families: Akira (376 incidents), ALPHV/BlackCat ($395 M paid), LockBit ($252.4 M paid)
  • 97% of ransoms paid in Bitcoin, with Tor and email as primary communication channels

Read more at SecurityWeek, The Record, Bleeping Computer


9. ConsentFix Attack Hijacks Microsoft Accounts via Azure CLI OAuth Abuse

A new ConsentFix phishing variant tricks employees into copy-pasting a legitimate Azure CLI OAuth redirect URL from a fake Cloudflare Turnstile page, giving attackers full access to Microsoft accounts without passwords or MFA.

Delivered through compromised high-reputation sites found via Google Search and executed entirely in the browser, the technique evades email filters and endpoint defenses and leverages implicit trust in first-party apps and legacy OAuth scopes.

Key Details

  • Compromised websites show fake Cloudflare Turnstile CAPTCHA for targeted business emails
  • Victims paste a localhost redirect URL containing an Azure CLI OAuth code
  • No password or MFA required; attacker gains OAuth token via Azure CLI permissions
  • Bypasses endpoint detection and email filters using browser-only execution

Next Steps

  • Incorporate copy-paste URL phishing scenarios into employee training

Read more at CSO Online, CybersecurityNews, Push Security


10. OpenAI Expands Defense-in-Depth Security to Prevent AI-Powered Cyberattacks

OpenAI has formed a Frontier Risk Council of security practitioners and bolstered its “defense in depth” strategy—adding external red-teaming, tighter guardrails, a trusted access program and an AI-driven code-scanning tool—to prevent its frontier models from being misused for zero-day exploits or industrial intrusion. Recognizing AI’s dual-use risk, the company aims to shift capabilities toward defensive applications and strengthen critical-infrastructure resilience.

Key Details

  • Frontier Risk Council will advise on safe capability boundaries.
  • External red-teaming network assesses model misuse potential.
  • Trusted Access Program grants select customers enhanced model use.
  • Aardvark Agentic Security Researcher scans codebase for vulnerabilities.

Read more at CSO Online


11. Spike in 2025 GitHub Actions Supply Chain Attacks Highlights Shared Security Responsibility

Supply chain attacks exploiting misconfigured GitHub Actions surged in 2025, enabling threat actors to steal secrets and compromise downstream organizations. At Black Hat Europe, researchers urged a shared security model for open source code to prevent further breaches.

Key Details

  • Researchers at Wiz identified major incidents: Ultralytics, Singularity, Shibaud/Shai-Hulud and CVE-2025-30066 (tj-actions/changed-files).
  • A compromised GitHub Action exposed secrets—access keys, PATs, npm tokens, private RSA keys—impacting ~70,000 Coinbase customers.
  • Threat actors target the CI/CD pipeline by exploiting optional or deprecated GitHub security features.
  • “Bystander effect” leaves enterprises reliant on OSS maintainers without direct security oversight.

Next Steps

  • Audit Actions workflows for misconfigurations and least-privilege secrets.
  • Restrict third-party Action use and enforce strict PAT scopes.
  • Integrate automated scans for deprecated or insecure GitHub features.
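As an added illustration (not code from the Dark Reading article or from the Wiz researchers), the Python script below performs a minimal line-based audit of a GitHub Actions workflow for three misconfiguration classes behind the incidents above: third-party actions referenced by a mutable tag instead of a commit SHA (the tj-actions/changed-files case), a write-all token permission, and a pull_request_target workflow that checks out the untrusted PR head with secrets in scope. The sample workflow, the trusted-owner allowlist and the commit SHA are constructed for the example; a production check should parse the YAML properly rather than matching lines.

```python
import re

# Constructed sample workflow (not from any real repository) showing three
# weak patterns: a write-all token, pull_request_target checking out the
# untrusted PR head, and a third-party action referenced by a mutable tag.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request_target]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@8f152de45cc7bb47db0e99c5e8a3b6b0c0f5a20c
      - run: npm ci && npm test
"""

USES_LINE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
SHA_PINNED = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA, not a tag
WRITE_ALL = re.compile(r"^\s*permissions:\s*write-all")


def audit_workflow(text, trusted_owners=("actions",)):
    """Return (line_no, message) findings for one workflow file.

    trusted_owners is an assumed allowlist of publishers whose tag
    references are accepted; every other action must be SHA-pinned.
    """
    lines = text.splitlines()
    uses_prt = any("pull_request_target" in ln for ln in lines)
    findings = []
    for no, ln in enumerate(lines, 1):
        m = USES_LINE.match(ln)
        if m:
            ref = m.group(1)
            if ref.startswith(("./", "docker://")):
                continue  # local composite action or container image
            if ref.split("/", 1)[0] not in trusted_owners and not SHA_PINNED.search(ref):
                findings.append((no, f"third-party action not SHA-pinned: {ref}"))
        elif WRITE_ALL.match(ln):
            findings.append((no, "GITHUB_TOKEN granted write-all; scope to least privilege"))
        elif uses_prt and "github.event.pull_request.head" in ln:
            findings.append((no, "pull_request_target checks out untrusted PR code with secrets"))
    return findings
```

Running `audit_workflow(SAMPLE_WORKFLOW)` reports the write-all permission on line 3, the PR-head checkout on line 10 and the unpinned action on line 11.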

Read more at Dark Reading


Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.
