CyberNews: 07/12/2025 Edition
Today’s roundup
Summary
A critical remote code execution flaw, identified as React2Shell (CVE-2025-55182), has been actively exploited by attackers, leading to the compromise of at least 30 organizations across various sectors. Security researchers estimate that over 77,000 Internet-exposed IP addresses remain vulnerable to this RCE flaw. Organizations are urged to patch immediately to mitigate the risk of further breaches.
Researchers have uncovered over 30 security vulnerabilities, collectively named "IDEsaster," impacting various artificial intelligence (AI)-powered Integrated Development Environments (IDEs). These flaws leverage prompt injection primitives alongside legitimate features to facilitate data exfiltration and remote code execution attacks. The discovery highlights emerging security risks in AI-assisted coding tools.
An extensive academic cheating network, operating under brands such as Nerdify and Geekly, has generated nearly $25 million in revenue by exploiting Google Ads. Investigations reveal ties to Synergy, Russia’s largest private university, and its president, Kremlin-connected oligarch Vadim Lobov. Synergy is also implicated in developing combat drones for Russia’s war in Ukraine and has faced accusations of visa scamming.
A dual hacking campaign commenced on December 2, 2025, targeting Palo Alto GlobalProtect portals with login attempts while simultaneously scanning SonicWall SonicOS API endpoints. Threat intelligence firm GreyNoise reported that over 7,000 IP addresses, traced to German hosting provider 3xK GmbH, are involved. This activity reuses identical client fingerprints from a prior brute-force campaign observed between late September and mid-October, indicating consistent attacker tooling despite shifting infrastructure.
Want to dig deeper?
Vulnerabilities
| CVE | Severity |
| --- | --- |
| CVE-2025-55182 | Critical |