
Daily Security Briefing #102
- DjediTech
- Security, Newsletter
- December 13, 2025
AI-driven GitHub supply chain attacks, Apple patches zero-day WebKit flaws, React2Shell vulnerability exploited by multiple hacker groups…
Executive Summary
Today’s cybersecurity landscape highlights an alarming rise in AI-powered supply chain attacks targeting developers via compromised GitHub repositories, revealing sophisticated new backdoors like PyStoreRAT. Apple has issued urgent security updates addressing two zero-day WebKit vulnerabilities actively exploited in highly targeted attacks, emphasizing ongoing threats to mobile platforms. Meanwhile, a critical React2Shell zero-day flaw is being widely exploited by multiple hacker groups, underscoring persistent risks in popular web frameworks. Additional developments include new post-exploitation tools, expanding malware campaigns, and the latest Kali Linux release enhancing ethical hacking capabilities.
Top Articles
Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack
Morphisec Threat Labs uncovered a complex supply chain attack leveraging AI-generated content and dormant GitHub accounts to deliver PyStoreRAT, a stealthy backdoor with modular and adaptive features. This campaign focuses on compromising researchers, developers, and security professionals by embedding malicious payloads in polished, AI-crafted repositories. Such techniques represent a dangerous evolution in software supply chain threats.
GBHackers | CyberPress
Empire 6.3.0 Released as Updated Post-Exploitation Framework for Red Teams
The latest Empire 6.3.0 update bolsters this popular post-exploitation and adversary simulation framework used by red teams and penetration testers. Written primarily in Python 3, the release enhances modularity and provides encrypted communications via a robust client/server model, facilitating more flexible and secure remote engagements.
GBHackers
Multiple Hacker Groups Exploit React2Shell Vulnerability for Malware Deployment, Google Alerts
Multiple threat actors are actively exploiting CVE-2025-55182 (React2Shell), a critical unauthenticated RCE in React Server Components. With a maximum CVSS score of 10.0, this vulnerability affects recent React versions and enables remote code execution, leading to widespread malware deployment. Google Threat Intelligence Group is tracking this high-severity exploit closely.
CyberPress
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
CISA added CVE-2018-4063, an unrestricted file upload vulnerability in Sierra Wireless AirLink ALEOS routers, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. This flaw has a high-severity CVSS rating (8.8/9.9) and can allow remote code execution on impacted devices, raising significant concerns for enterprise and industrial IoT security.
TheHackerNews
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Apple released emergency patches across iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to fix two zero-day WebKit vulnerabilities exploited in targeted attacks. The CVE-2025-43529 use-after-free bug enables remote exploitation through Safari and WebKit-based applications, echoing a similar Chrome flaw patched by Google earlier this week.
TheHackerNews | BleepingComputer | GBHackers
Apple Fixes Two Zero-Day Flaws Exploited in ‘Sophisticated’ Attacks
Apple’s emergency patches address two zero-day vulnerabilities actively exploited in highly sophisticated, targeted campaigns against iPhone and iPad users. Both flaws were weaponized before the release of iOS 26, highlighting ongoing risks to mobile device security and the critical nature of prompt patching.
BleepingComputer
Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3
Kali Linux 2025.4 introduces significant architectural improvements including Kernel 6.16 integration, improved hardware support, and a streamlined toolset focusing on core utilities for ethical hacking. The update also debuts three new hacking tools alongside Wifipumpkin3, enhancing penetration testing and security research workflows.
GBHackers
Hackers Target Windows Systems Using Phantom Stealer Hidden in ISO Files
Seqrite Labs identifies a Russian phishing campaign delivering Phantom Stealer malware hidden in ISO files sent via fake payment confirmation emails. Targeting primarily finance and accounting professionals in Russia, this campaign employs social engineering to steal credentials, cryptocurrency wallets, and sensitive browser data.
GBHackers
Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows
Highlighting a shift toward modern programming languages, cybercriminals have deployed “Luca Stealer” written in Rust to target both Linux and Windows platforms. This cross-platform info-stealing malware efficiently collects credentials and sensitive information, reflecting evolving malware development trends leveraging Rust’s portability and efficiency.
GBHackers
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.