
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday, December 18th, 2025: More React2Shell; SonicWall and Cisco Patch; Updated Chrome Advisory
Dec 18, 2025. Exploit trends are shifting, with attackers homing in on applications that may have been overlooked before. There's an urgent warning about a known vulnerability in Cisco's email appliances. SonicWall is in the spotlight due to a local privilege escalation issue now being actively exploited. Google has added a new CVE for a previously mysterious vulnerability linked to WebGPU, but no patch is available yet. Best practices for securing administrative access are also discussed, underscoring the need for robust protection.
React2Shell Variants Target Uncommon Endpoints
- Attackers are varying React2Shell exploits to target nonstandard endpoints and headers beyond Next.js defaults.
- Assume compromise if you still run unpatched vulnerable apps because attackers adapt their probes.
Attackers Shift Tactics After Initial Scans
- Attackers shift scan patterns once earlier, simpler probes have exhausted the easy targets and returns diminish, so they look for vulnerable apps elsewhere.
- They adapt URLs and headers to find React server components beyond default Next.js pages.
Disable Internet-Exposed Spam Quarantine
- Check Cisco Secure Email Gateway and Secure Email and Web Manager advisories and apply recommended configuration changes immediately.
- Remove internet exposure of the spam quarantine feature unless explicitly required and monitor for indicators of compromise.
