Daily Security Briefing #094

December 5, 2025

Critical React2Shell and Apache Tika vulnerabilities, MuddyWater’s new UDPGangster backdoor, and the largest U.S. telecom hack analyzed…


Executive Summary

Today’s cybersecurity landscape is marked by several critical vulnerability disclosures and advanced threat actor activities. The high-severity React2Shell and Apache Tika zero-day flaws demand immediate attention from organizations relying on these widely used technologies. Meanwhile, the MuddyWater group has intensified its espionage efforts with a sophisticated new UDPGangster backdoor targeting Windows systems across multiple countries. The review of the largest telecommunications attack in U.S. history uncovers the scope and coordinated response efforts by national agencies. Additionally, updates from the popular Metasploit Framework highlight new exploit modules available for recent vulnerabilities. Threat actors continue leveraging USB drives for cryptomining malware campaigns, emphasizing persistent risks at the endpoint level.


Top Articles

Voices of the Experts: What to Expect from Our Predictions Webinar
Rapid7 gathers cybersecurity leaders annually to discuss emerging threats and trends. The 2026 predictions include expanding attack surfaces, accelerated zero-day exploitations, and evolving SecOps roles under shifting regulations. Last year’s insights were notably prescient, setting a high bar for this year’s strategic outlook.
Rapid7

Metasploit Wrap-Up 12/05/2025
This week’s Metasploit release features new modules exploiting two Twonky Server vulnerabilities allowing extraction of admin credentials from logs without authentication (CVE-2025-13315 and CVE-2025-13316). Contributions also include reverse shell payloads targeting RISC-V architectures. These tools enhance penetration testers’ capabilities to validate recent critical flaws.
Rapid7

What is “React2Shell” (CVE-2025-55182) – in Plain English – and Why Check Point CloudGuard WAF Customers Carried on with Their Day
A critical zero-day vulnerability rated CVSS 10.0 was disclosed affecting the React framework’s new server features. The bug, known as React2Shell, enables unrestricted remote code execution. Check Point CloudGuard WAF users were protected in advance, underscoring the importance of proactive defense mechanisms against rapidly emerging threats.
Check Point

Friday Squid Blogging: Vampire Squid Genome
The vampire squid, an unusual deep-sea cephalopod, has the largest known cephalopod genome sequenced to date, exceeding 11 billion base pairs. This unique creature provides valuable insights into cephalopod evolution and genetics, highlighting the diversity of marine life at genomic scale.
Schneier

The Largest Telecommunications Attack in U.S. History: What Really Happened—And How We Fight Back
A massive cyber espionage campaign struck 80 telecommunications providers globally, including many in the United States, marking an unprecedented breach scale. The coordinated Operation Enduring Security Framework led by NSA, Pentagon, and CISA exemplifies the rising complexity of state-sponsored cyber threats and the critical need for cooperative defense strategies.
Check Point

Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations
Attackers continue to exploit removable media as infection vectors for cryptomining malware. Recent campaigns use social engineering and evasion techniques to deploy CoinMiner strains mining Monero persistently on Windows workstations, illustrating evolving tactics that bypass traditional endpoint security measures.
GB Hackers

MuddyWater Hackers Use UDPGangster Backdoor to Bypass Network Defenses on Windows
The MuddyWater APT has introduced UDPGangster, a UDP-based backdoor that evades conventional network defenses. Targeting users in Turkey, Israel, and Azerbaijan, it’s delivered via spear-phishing emails embedding VBA macro-laden Word documents to execute encoded payloads, confirming threat groups’ continued innovation in intrusion methods.
GB Hackers | CyberPress

Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Security analysis revealed four kernel heap overflow vulnerabilities (CVE-2025-13032) in Avast Antivirus’s kernel driver. These flaws enable attackers to gain elevated privileges and potentially full system control, stressing the importance of patching endpoint protection tools which can ironically be attack victims themselves.
CyberPress

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
A novel zero-click attack against Perplexity’s Comet browser allows attackers to automate destructive actions such as wiping Google Drive contents through crafted emails. The attack abuses the permissions granted between the Gmail and Google Drive services, posing a substantial risk to cloud data security without requiring any user interaction.
The Hacker News

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Apache Tika suffers a critical XML External Entity injection vulnerability rated at the highest severity (CVSS 10.0). This flaw affects multiple core modules and platforms, allowing attackers to access sensitive data or execute arbitrary code, necessitating immediate patching for all users of the widely adopted content analysis toolkit.
The Hacker News


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
