CyberNews: 06/12/2025 Edition

Published by Dunateo on 2025-12-06

Today’s roundup

  • Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
  • Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
  • Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
  • Maximum-severity XXE vulnerability discovered in Apache Tika
  • China-Linked Warp Panda Targets North American Firms in Espionage Campaign
  • Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
  • Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs
  • Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
  • Designing a Passive LiDAR Detector Device - Hardware
  • FBI warns of virtual kidnapping scams using altered social media photos

Summary

    Researchers unveiled "IDEsaster," over 30 vulnerabilities in AI-powered Integrated Development Environments (IDEs) enabling data exfiltration and remote code execution via prompt injection.

    Chinese groups are actively exploiting CVE-2025-55182 "React2Shell," a critical RCE flaw (CVSS 10.0) in React Server Components. It was reported on November 29 and CISA has added it to its KEV catalog. Patching to React versions 19.0.1, 19.1.2 or 19.2.1 is urgent.

    A zero-click "Google Drive Wiper" attack targets Perplexity's Comet browser and can delete Google Drive contents via crafted emails. It abuses the browser's agentic automation of Gmail and Google Drive.

    A maximum-severity XXE flaw, CVE-2025-66516 (CVSS 10.0), affects Apache Tika's core, PDF, and parser modules. Attackers use crafted XFA files in PDFs for XXE, exposing internal resources. Urgent patches are required.

    CrowdStrike warns of "Warp Panda," a China-linked cyber-espionage group targeting North American firms to steal sensitive data for Beijing.

    Brian Krebs exposed "Nerdify," a $25M academic cheating network tied to Synergy, Russia's largest private university. Led by a Kremlin insider, Synergy reportedly develops combat drones, with Nerdify founders linked to Russian propaganda.

    A dual hacking campaign from over 7,000 IPs (3xK GmbH, Germany) began on December 2, 2025. Attackers are attempting logins against Palo Alto GlobalProtect portals and scanning SonicWall SonicOS API endpoints, using tooling consistent with a prior brute-force wave.
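    A campaign spread across thousands of source addresses in one provider's ranges is easy to miss when failures are counted per IP alone. The following is an added example, not Palo Alto or SonicWall code: it counts failed portal logins inside a sliding window both per source IP and per /24, so a distributed wave shows up as one flagged network. The log line format and the addresses are constructed for the demonstration and are not the vendors' real formats.

```python
"""Flag brute-force sources in VPN portal auth logs, per IP and per /24.

Added example, not vendor code. The line format below is constructed; adapt the
regex to the real GlobalProtect or SonicOS log schema in use.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) portal=(?P<portal>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)

# Constructed sample: one /24 spraying the portal from several hosts, plus one
# ordinary user who mistypes a password once and then logs in.
SAMPLE_LOG = """\
2025-12-02T00:00:01 portal=gp.example.test src=203.0.113.10 user=admin result=fail
2025-12-02T00:00:02 portal=gp.example.test src=203.0.113.10 user=root result=fail
2025-12-02T00:00:03 portal=gp.example.test src=203.0.113.11 user=test result=fail
2025-12-02T00:00:04 portal=gp.example.test src=203.0.113.12 user=admin result=fail
2025-12-02T00:00:05 portal=gp.example.test src=203.0.113.13 user=guest result=fail
2025-12-02T00:00:06 portal=gp.example.test src=203.0.113.10 user=admin result=fail
2025-12-02T00:10:00 portal=gp.example.test src=198.51.100.7 user=alice result=fail
2025-12-02T00:10:05 portal=gp.example.test src=198.51.100.7 user=alice result=ok
"""


def parse_events(text: str) -> list[dict]:
    """Parse log lines into events; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": ipaddress.ip_address(m["src"]),
            "user": m["user"],
            "result": m["result"],
        })
    return events


def by_source(ev: dict) -> str:
    return str(ev["src"])


def by_slash24(ev: dict) -> str:
    # Collapse the source into its /24 so distributed attempts aggregate.
    return str(ipaddress.ip_network(f"{ev['src']}/24", strict=False))


def flag_failed_logins(events, key_fn, window=timedelta(minutes=5), threshold=5) -> dict[str, int]:
    """Return {key: peak failures within any `window`} for keys reaching `threshold`."""
    buckets: dict[str, list[datetime]] = defaultdict(list)
    for ev in events:
        if ev["result"] != "ok":
            buckets[key_fn(ev)].append(ev["ts"])
    flagged = {}
    for key, stamps in buckets.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it covers at most `window`.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("per /24:", flag_failed_logins(evs, by_slash24))
    print("per IP (threshold 3):", flag_failed_logins(evs, by_source, threshold=3))
```

    With the per-IP view each host in the sprayed /24 looks like one or two failures, which is below most per-IP lockout thresholds; the /24 view surfaces the campaign. Thresholds and the window should be tuned against the portal's normal failure rate before alerting on them.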

    A Maryland man was sentenced to 15 months for allowing North Korean nationals to use his stolen identities, facilitating remote IT jobs with 13 companies, including U.S. government contractors.

    Research details the design of a passive hardware device that detects the iPhone Pro's 60 Hz, 940 nm infrared LiDAR. This gives a new way to tell when the camera or Face ID is active, for privacy and surveillance-detection purposes.

    The FBI warns of virtual kidnapping scams using altered social media images as fake "proof of life" photos to extort ransom, highlighting a significant social engineering threat.

Vulnerabilities

  • CVE-2025-55182 (Critical)
  • CVE-2025-66516 (Critical)