Another day, another emergency patch.

Dec 15, 2025

Emergency updates from Apple and Google address critical vulnerabilities. China’s state-backed hackers have been linked to the React2Shell exploits. A serious cyberattack targeted France's Ministry of the Interior. Researchers discovered a giant database with 4.3 billion records exposed online. The MI6 chief warns of escalating threats from Russia. A deep dive into the hacker mindset reveals the dark capabilities within tech companies. Plus, a holiday gift guide to enhance your cybersecurity knowledge!

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Zero-Days Signal Spyware-Grade Threats

Apple and Google issued emergency patches for actively exploited zero-days in WebKit and Chrome, signaling spyware-grade threats.
Both vendors credited cross-team discovery and widespread exploitation across platforms.

INSIGHT

React2Shell Reveals Large Attack Surface

Google linked five additional China-backed groups to active exploitation of the React2Shell RCE in React/Next.js server components.
The flaw enabled unauthenticated remote code execution and left over 116,000 systems exposed.

ADVICE

Prioritize Atlassian Tika Patches Now

Patch Atlassian products immediately if they use Apache Tika or are server/data-center deployments.
Prioritize fixes for XXE and prototype pollution to prevent RCE and data leaks.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Apple and Google issue emergency updates to patch zero-days. Google links five additional Chinese state-backed hacking groups to “React2Shell.” France’s Ministry of the Interior was hit by a cyberattack. Atlassian patches roughly 30 third-party vulnerabilities. Microsoft says its December 2025 Patch Tuesday updates are breaking Message Queuing. Researchers uncovered a massive exposed database with nearly 4.3 billion professional records openly accessible online. Britain’s new MI6 chief warns of an “aggressive, expansionist, and revisionist” Russia. Monday Business Brief. On today’s Threat Vector, ⁠Michael Heller⁠ from Unit 42 chats with security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities”. A cyber holiday gift guide for the rest of us.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host ⁠Michael Heller⁠, Managing Editor for Cortex and Unit 42 and Executive Producer of the podcast, sits down with long-time security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities” inside modern technology companies. You can listen to their full discussion here. Be sure to catch new episodes of Threat Vector by Palo Alto Networks every Thursday on your favorite podcast app.

Selected Reading

Apple, Google forced to issue emergency 0-day patches (The Register)

Google links more Chinese hacking groups to React2Shell attacks (Bleeping Computer)

French Interior Ministry confirms cyberattack on email servers (Bleeping Computer)

Atlassian Patches Critical Apache Tika Flaw (SecurityWeek)

Microsoft: December security updates cause Message Queuing failures (Bleeping Computer)

16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records (Hackread)

MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin (The Record)

Saviynt raises $700 million in Series B growth equity financing. (The CyberWire Business Brief)

Last-minute cybersecurity and privacy gifts your friends and family won't hate (This Week In Security)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

Learn more about your ad choices. Visit megaphone.fm/adchoices