
Patching React2Shell, New AI Controls, and Major Data Exposures
Coverage: 15 Dec 2025 (UTC)
Platform teams moved to harden AI and cloud workflows while emergency patching guidance converged on a critical React Server Components flaw. Google Cloud expanded its Antigravity IDE with Model Context Protocol connectors to enterprise data services, and Microsoft detailed active exploitation, detections, and fixes for CVE-2025-55182, a maximum‑severity issue in React Server Components. Alongside these defenses, several investigations and extortion cases underscored the continuing cost of misconfigurations and third‑party analytics exposure.
Platform defenses and AI runtime controls
Google’s Antigravity integration uses the Model Context Protocol as a standardized interface—described as a kind of “USB‑C for AI”—to discover and securely connect agents to enterprise data services such as AlloyDB for PostgreSQL, BigQuery, Spanner, Cloud SQL, and Looker. Within the IDE, teams can install MCP servers from a store, supply project/region/credential context via UI, and delegate secrets to IAM. Once connected, agents gain auditable tools like list_tables, execute_sql, get_query_plan, run_query, and forecast, shifting from conversational prompts to data‑aware, executable workflows tied to trusted sources.
CrowdStrike introduced Falcon AI Detection and Response (AIDR) to monitor the prompt‑and‑agent layer at runtime—validating MCP communications, blocking unauthorized tool execution, and automatically protecting sensitive data with masking, hashing, and format‑preserving encryption. Findings stream into Falcon Next‑Gen SIEM for correlation and response, and deployment options span browser extensions, SDKs, API gateways, an MCP proxy, and cloud log analysis.
In cloud‑native operations, AWS integrated AWS Certificate Manager with AWS Controllers for Kubernetes to automate certificate provisioning, export (when allowed), secret creation, and rotation for Kubernetes workloads. This removes manual export/import workflows and reduces downtime risk from expired certificates, supporting public exportable certificates for internet‑facing services and private certificates for internal mTLS and service meshes across commercial, GovCloud (US), and China regions.
Advisories and exploited flaws
Microsoft reported CVE‑2025‑55182 (“React2Shell”) as a pre‑authentication remote code execution flaw in server‑side React components and affected Next.js releases, with a CVSS of 10.0. Insufficient validation of serialized payloads enables prototype pollution and code execution with a single crafted HTTP POST. Microsoft observed exploitation beginning December 5, including coin miners, memory‑based downloaders, RATs, ShadowPAD, credential harvesting from cloud metadata services, and persistence through added accounts and RMM tools. The company recommends immediate framework updates to pull patched dependencies, prioritizing internet‑facing assets, applying Defender/MDVM coverage, optionally adding Azure WAF custom rules, and invoking incident response where alerts indicate compromise. Defender XDR detections, hunting queries, Kusto examples, and IOCs support rapid triage.
CSO reported CISA’s urgent directive to patch GeoServer CVE‑2025‑58360, an unauthenticated XXE issue (CVSS 9.8) now in the KEV catalog amid active exploitation. The insecure XML parser can enable file disclosure, SSRF, and denial‑of‑service; internet scans show thousands of exposed instances. Separately, The Hacker News detailed FreePBX fixes for CVE‑2025‑61675 (SQLi), CVE‑2025‑61678 (file upload leading to RCE), and CVE‑2025‑66039 (authentication bypass in legacy AUTHTYPE=webserver configurations when specific advanced flags are enabled). Patches land in FreePBX 16.0.92/17.0.6 and 16.0.44/17.0.23; guidance includes updating, setting Authorization Type to usermanager, disabling override of read‑only settings, rotating credentials and sessions, and investigating for compromise if legacy settings were exposed.
Cloud threat operations and software supply chain
AWS described a years‑long, GRU‑associated campaign prioritizing misconfigured network edge devices—often appliance software on EC2—over zero‑day exploitation. Investigators observed persistent interactive access, credential interception via packet capture, and subsequent credential replay against utilities, energy providers, MSPs, collaboration platforms, source code repositories, and telecommunications firms across multiple regions. AWS notified affected customers, remediated compromised instances, and shared intelligence. Recommended actions include auditing for exposed management interfaces, enforcing MFA, isolating management planes, monitoring for replay patterns, and leveraging VPC Flow Logs, GuardDuty, CloudTrail, and Amazon Inspector.
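A minimal sketch of the "audit for exposed management interfaces" step, added here as an illustration and not taken from AWS's guidance. It assumes security group data in the shape returned by `aws ec2 describe-security-groups`; the management port list and the sample groups are constructed assumptions.

```python
import ipaddress

# Assumed list of management ports; adjust it to the appliances in your estate.
MGMT_PORTS = {22: "ssh", 23: "telnet", 161: "snmp", 3389: "rdp", 8443: "admin-https"}

def is_public(cidr):
    """True when the range admits the whole internet (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_mgmt(groups):
    """Return (group_id, port, service) for management ports open to the internet."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "udp", "-1"):
                continue  # ICMP rules carry type/code, not ports
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(is_public(c) for c in cidrs):
                continue
            # Protocol "-1" means all traffic and carries no port fields.
            if proto == "-1":
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            for port, name in sorted(MGMT_PORTS.items()):
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], port, name))
    return findings

# Constructed sample data; group IDs are placeholders, not real resources.
SAMPLE_GROUPS = [
    {"GroupId": "sg-edge-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-internal-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-any-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in exposed_mgmt(SAMPLE_GROUPS):
        print(finding)
```

Pass the `SecurityGroups` list from the CLI's JSON output to `exposed_mgmt`; wide port ranges and all-traffic rules are reported for every management port they cover.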
In parallel, AWS Security recapped responses to npm campaigns from August to December: a compromised Nx package, the Shai‑Hulud worm and related token‑harvesting activity, an October–November token‑farming wave touching roughly 150,000 packages, and a December “elf‑” cluster. Countermeasures included rapid incident command, sandboxing and AI‑assisted deobfuscation, repository blocklisting, host remediation, anomaly detection improvements, and automatic reporting to OpenSSF. Customers are urged to maintain dependency inventories, monitor continuously, practice credential hygiene, and participate in coordinated disclosure.
At the browser layer, researchers found the "Featured" Urban VPN Proxy extension auto‑updated in July to harvest AI conversations by intercepting fetch() and XMLHttpRequest() and exfiltrating prompts, outputs, session metadata, and model details to remote endpoints. The behavior also appeared in three related extensions from the same publisher. The privacy policy acknowledges collection of AI prompts/outputs for “Safe Browsing” and analytics. The Hacker News notes the large install base and auto‑update posture heighten the risk of sensitive data exposure and stress the need for stricter marketplace scrutiny and enterprise extension governance.
Confirmed incidents and data exposure
BleepingComputer reports 700Credit is notifying more than 5.8 million individuals after a threat actor accessed an API discovered via a compromised integration partner. Investigators concluded certain web‑application records were copied between May and October before the API was terminated; the flaw was failure to validate consumer reference IDs against the original requester. Exposed data includes names, addresses, dates of birth, and Social Security numbers. The company filed notice with the FTC, is offering 12 months of TransUnion identity protection, and advises monitoring and considering freezes.
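The flaw class described above (a reference ID accepted without checking it against the original requester), shown as an added example beside its corrected form, plus a log review that counts lookups of records a caller did not create. This is not 700Credit's code; every name, record and log entry is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    reference_id: str
    requester_id: str  # partner that originally submitted the request
    payload: str

# Constructed sample store: two partners, three consumer records.
STORE = {r.reference_id: r for r in (
    Record("ref-1001", "dealer-a", "consumer A1"),
    Record("ref-1002", "dealer-a", "consumer A2"),
    Record("ref-2001", "dealer-b", "consumer B1"),
)}

class AccessDenied(Exception):
    """Raised when a caller asks for a record it does not own."""

def fetch_unchecked(caller_id, reference_id):
    """Flawed pattern: any authenticated caller can read any reference ID."""
    return STORE[reference_id].payload

def fetch_checked(caller_id, reference_id):
    """Corrected pattern: the record must belong to the authenticated caller."""
    rec = STORE.get(reference_id)
    # Same error for "missing" and "not yours", so replies do not confirm valid IDs.
    if rec is None or rec.requester_id != caller_id:
        raise AccessDenied(reference_id)
    return rec.payload

def foreign_lookups(access_log):
    """Count, per caller, logged lookups of reference IDs that caller did not create."""
    counts = {}
    for caller_id, reference_id in access_log:
        rec = STORE.get(reference_id)
        if rec is None or rec.requester_id != caller_id:
            counts[caller_id] = counts.get(caller_id, 0) + 1
    return counts

# Constructed access log: (authenticated caller, requested reference ID).
SAMPLE_LOG = [("dealer-a", "ref-1001"), ("dealer-b", "ref-1001"),
              ("dealer-b", "ref-1002"), ("dealer-b", "ref-2001"),
              ("dealer-b", "ref-9999")]

if __name__ == "__main__":
    print(foreign_lookups(SAMPLE_LOG))
```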
The extortion of Pornhub centers on a claimed 94GB of historical analytics detailing Premium user activity, tied to a third‑party analytics provider; passwords and payment data were not exposed, according to the company. BleepingComputer notes the dataset includes subscriber emails and event logs capturing searches, views, downloads, URLs, keywords, locations, and timestamps—highly sensitive behavioral telemetry. In Japan, BleepingComputer confirms Askul concluded its October ransomware probe: about 740,000 records were stolen after attackers used stolen administrator credentials at an outsourced partner lacking MFA, disabled EDR, moved laterally, and executed multiple ransomware variants. Shipping remains impacted as system restoration continues.