
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
Dec 11, 2025
Discover a potential new variant of an exploit targeting Kubernetes OS command injection. Dive into the React2Shell vulnerability, along with tactical advice on filtering Next.js headers. Learn about the recent Notepad++ update hijack and the importance of verifying software signatures. Uncover a new privilege escalation vulnerability in macOS that remains unpatched. Stay informed on the latest threats and protective measures in the ever-evolving landscape of cybersecurity!
AI Snips
Possible CVE-2024-9042 Exploit Variant
- A honeypot captured HTTP requests suggesting a variant of the CVE-2024-9042 Kubernetes OS command injection.
- The payload used the same $() shell expansion pattern and ended with a static "/logs/" path, hinting at a related or modified exploit.
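
A triage sketch for the two traits described above, added here as an example and not taken from the episode or from the honeypot's own tooling. It assumes combined-format access log lines; the sample lines, the PLACEHOLDER payload and the verdict labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Shell command substitution: "$(" closed by a later ")".
SUBST_RE = re.compile(r'\$\([^)]*\)')

# Constructed sample lines; PLACEHOLDER stands in for the captured payload.
SAMPLE = [
    '192.0.2.10 - - [11/Dec/2025:00:00:01 +0000] "GET /$(PLACEHOLDER)/logs/ HTTP/1.1" 404 0',
    '192.0.2.11 - - [11/Dec/2025:00:00:02 +0000] "GET /%24%28PLACEHOLDER%29/logs/ HTTP/1.1" 404 0',
    '192.0.2.12 - - [11/Dec/2025:00:00:03 +0000] "GET /%2524%2528PLACEHOLDER%2529/logs/ HTTP/1.1" 404 0',
    '192.0.2.13 - - [11/Dec/2025:00:00:04 +0000] "GET /logs/ HTTP/1.1" 200 512',
    '192.0.2.14 - - [11/Dec/2025:00:00:05 +0000] "GET /search?q=$(PLACEHOLDER) HTTP/1.1" 200 10',
]

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so %24%28 and %2524%2528 both become '$('."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(line):
    """Return (has_cmd_subst, ends_with_logs) or None if no request line is found."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = decode_fully(m.group("target"))
    path = target.split("?", 1)[0]
    ends_with_logs = path.endswith("/logs/") or target.endswith("/logs/")
    return bool(SUBST_RE.search(target)), ends_with_logs

def verdict(line):
    """Label a log line by which of the two traits it shows."""
    traits = classify(line)
    if traits is None:
        return "unparsed"
    cmd_subst, ends_with_logs = traits
    if cmd_subst and ends_with_logs:
        return "variant-like"
    return "cmd-subst-only" if cmd_subst else "no-match"

if __name__ == "__main__":
    for line in SAMPLE:
        print(verdict(line), "|", line)
```

Decoding more than once matters because a single-pass filter would miss the double-encoded third sample line.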
React2Shell Targets RSCs, Not Just Next.js
- React2Shell (CVE-2025-55182) attacks mostly target Next.js, but the root issue is in React Server Components.
- Exploits can work outside Next.js with modifications, so filtering solely on Next.js headers is insufficient.
Use Filters As A Stopgap, Patch Permanently
- Use WAF filters to block obvious React2Shell probes but treat them as temporary mitigations.
- Prioritize patching and comprehensive fixes instead of relying on filters as a long-term solution.
