
Talkin' Bout [Infosec] News A Live Stream From inside Lazarus Group – 2025-12-08
Dec 11, 2025
Dive into a lively discussion filled with cybersecurity humor and chaos as the team tackles the React2Shell vulnerability and its implications. They uncover Lazarus Group's sneaky IT recruiting tactics, complete with webcam leaks. The hosts critique the hiring practices that led to contractors wiping government databases. Apple’s defiance against pre-installing a government app in India sparks a debate on privacy, and Russia's blocking of FaceTime raises concerns about state surveillance. Plus, the shocking truth about a smart toilet camera marketed as secure!
AI Snips
Patch And Monitor Next.js Deployments
- Patch Next.js and related dependencies promptly, especially if you're on modern 14.x–16.x releases.
- Monitor for unexplained process activity and environment variable access that indicate RCE activity.
Next.js Deserialization RCE Risk
- React2Shell exposed a chained deserialization RCE in common Next.js deployments, letting attackers run code in Node processes.
- Patching affected Next.js versions and monitoring for unusual environment-variable access are the key mitigations.
Lazarus Used Normal-Looking Recruiters
- Any.run's sandboxing revealed Lazarus operatives posing as IT recruiters and using Calendly and GitHub to recruit and run remote workers.
- Hayden and John noted the threat actors looked like ordinary nine-to-five people in the leaked webcam screenshots.
