
Daily Security Briefing #093
- DjediTech
- Security, Newsletter
- December 4, 2025
React2Shell RCE exploit, PickleScan 0-days in AI model scanning, Silver Fox ValleyRAT malware campaign…
Executive Summary
Today’s cybersecurity landscape reveals continuing challenges with critical vulnerabilities and emerging threat vectors. The disclosure of the React2Shell unauthenticated remote code execution (RCE) vulnerability in React Server Components highlights the persistent risk in widely used web frameworks. Meanwhile, zero-day vulnerabilities in PickleScan, a machine learning model scanner, expose blind spots in AI security defenses, raising concerns about supply chain attacks via malicious ML models. Phishing attacks continue to surge dramatically, disproportionately targeting corporate users. Additionally, threat actors like Silver Fox are increasingly leveraging sophisticated social engineering campaigns to deploy malware. Organizations must enhance resilience through proactive vulnerability notifications, elevated zero trust architectures, and stronger password enforcement to protect critical infrastructure.
Top Articles
React2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server Components
Meta disclosed a critical remote code execution vulnerability dubbed React2Shell, affecting React Server Components and Next.js (CVE-2025-55182). A weaponized proof-of-concept exploit has been publicly released, amplifying risk. This vulnerability allows unauthenticated attackers to execute arbitrary code, posing severe threats to web applications relying on these frameworks.
Rapid7
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research identified three zero-day flaws in PickleScan, a standard tool for scanning machine learning models. These vulnerabilities enable attackers to bypass malware detection entirely and execute arbitrary code through malicious PyTorch models. This exposes critical risks to ML supply chains, potentially enabling large-scale compromise of AI deployments.
GBHackers | CyberPress
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The Silver Fox threat group has launched a deceptive campaign mimicking Russian actors, distributing ValleyRAT malware via SEO-poisoned fake Microsoft Teams installers in China. This social engineering tactic targets enterprise users to gain persistent access through malicious trojans disguised as legitimate software updates.
TheHackerNews
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware
New data reveals a 400% year-over-year increase in phishing attacks, with corporate employees three times more likely to be targeted by phishing than by malware. This surge underlines the urgency for improved identity protection and real-time monitoring in organizational environments to mitigate phishing’s growing impact.
GBHackers
Multiple Synology BeeStation Vulnerabilities Chained to Achieve Root Privileges by Weaponizing the System’s Task Scheduler
Security researchers detailed a complex three-vulnerability exploit chain in Synology BeeStation NAS devices that allows unauthenticated attackers to gain root access by abusing the system’s task scheduler. The exploit demonstrates how low-severity bugs can combine into a critical attack vector demanding immediate patching.
CyberPress
Defend Against the Latest Cyber Threats with AI Security and Expanded Zero Trust for Hybrid Mesh Cloud and On-Prem Firewalls
Check Point announced Quantum Firewall Software release R82.10, enhancing AI-driven security and simplifying Zero Trust enforcement across hybrid cloud and on-premises environments. This update helps organizations securely adopt AI tools while protecting distributed networks from evolving threats.
Check Point
NCSC’s ‘Proactive Notifications’ warns orgs of flaws in exposed devices
The UK’s National Cyber Security Center (NCSC) is piloting Proactive Notifications, a service that alerts organizations to vulnerabilities in exposed systems. This initiative aims to improve risk awareness and prompt timely remediation in UK enterprises.
BleepingComputer
How strong password policies secure OT systems against cyber threats
Because operational technology (OT) environments often suffer from weak password controls and legacy systems, Specops Software emphasizes that enforcing strong password policies and continuously checking for compromised credentials are crucial for securing critical infrastructure assets.
BleepingComputer
From Policy to Practice: Why Cyber Resilience Needs a Reboot
Rapid7 experts discuss how current cybersecurity regulations often fail to reflect real-world risk dynamics. The conversation calls for a reboot of cyber resilience approaches to bridge the gap between policy and operational security effectiveness.
Rapid7
5 Threats That Reshaped Web Security This Year [2025]
This year saw AI-powered attacks, advanced injection techniques, and widespread supply chain compromises redefine web security. The article outlines five major threats that forced security professionals to fundamentally adjust defensive strategies in 2025.
TheHackerNews
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.