

CVE-2025-68260: Critical Race Condition in Rust-Based Android Binder Subsystem Affects Linux Kernel 6.18+
Executive Summary: A critical security vulnerability, CVE-2025-68260, has been discovered in the Rust implementation of the Android Binder subsystem within the Linux kernel. This marks the first known CVE affecting Rust code in the Linux kernel, highlighting both the growing adoption of Rust for system-level programming and the importance of rigorous concurrency management even in memory-safe languages. The vulnerability is a race condition in the management of linked lists
2 days ago · 4 min read


Kimsuky Campaign Uses QR Phishing to Distribute DocSwap Android Malware via Fake CJ Logistics Delivery App
Executive Summary: A highly targeted and technically advanced campaign orchestrated by the North Korean threat actor Kimsuky has been identified, leveraging QR code phishing to distribute the DocSwap Android malware. This operation primarily impersonates the reputable South Korean logistics provider CJ Logistics, tricking users into installing a trojanized delivery tracking application. The attack chain is distinguished by its seamless integration of social engineering, QR
2 days ago · 4 min read


Cisco AsyncOS Email Security Appliance Zero-Day (CVE-2025-20393) Actively Exploited in Ongoing Attacks
Executive Summary: Cisco has issued an urgent security advisory regarding an actively exploited, unpatched zero-day vulnerability (CVE-2025-20393, CVSS 10.0) in Cisco AsyncOS software, which underpins the Cisco Secure Email Gateway (SEG) and Cisco Secure Email and Web Manager (SEWM) appliances. This vulnerability, rooted in improper input validation (CWE-20), allows remote, unauthenticated attackers to execute arbitrary commands as root on the underlying operating system.
2 days ago · 5 min read


CISA Adds Critical ASUS Live Update Supply Chain Vulnerability to KEV After Confirmed Exploitation (CVE-2025-59374)
Executive Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding a severe vulnerability in ASUS Live Update, following confirmation of active exploitation in the wild. This vulnerability, cataloged as CVE-2019-12999 and associated with the infamous Operation ShadowHammer, represents a sophisticated supply chain attack in which malicious actors compromised the ASUS software update infrastructure. By injecting troj
2 days ago · 5 min read


AWS Cryptomining Attack: Threat Intelligence on Stolen IAM Credentials Fueling Large-Scale EC2 & ECS Abuse
Executive Summary: A recent surge in cryptomining campaigns has been observed targeting cloud infrastructure, with a particular focus on Amazon Web Services (AWS) environments. Attackers are leveraging stolen AWS Identity and Access Management (IAM) credentials to gain unauthorized access, rapidly deploy compute resources, and execute large-scale cryptomining operations. These campaigns are characterized by their speed, scale, and advanced evasion tactics, resulting in signi
2 days ago · 4 min read


CVE-2025-55182: Critical React Server Components Vulnerability (React2Shell) Exploited in Ransomware and APT Attacks
Executive Summary: The React2Shell vulnerability, formally identified as CVE-2025-55182, represents a critical unauthenticated remote code execution (RCE) flaw in React Server Components. Since its public disclosure in early December 2025, this vulnerability has been weaponized by a spectrum of threat actors, including ransomware operators, advanced persistent threat (APT) groups, and financially motivated cybercriminals. The flaw, which carries a maximum CVSS v3.x score of
2 days ago · 4 min read


APT28 Credential Phishing Campaign Targets UKR.net Users: Technical Analysis and Threat Intelligence Report
Executive Summary: A sophisticated and persistent credential phishing campaign orchestrated by APT28 (also known as Fancy Bear, BlueDelta, Forest Blizzard, and several other aliases) has been targeting users of the Ukrainian webmail service UKR-net. This campaign, active from at least June 2024 through April 2025, leverages advanced social engineering, multi-stage redirection, and abuse of legitimate cloud and tunneling services to harvest credentials and two-factor auth
2 days ago · 5 min read


SonicWall SMA 1000 Zero-Day Attack Chain: CVE-2025-23006 and CVE-2025-40602 Actively Exploited, Patch Now
Executive Summary: A critical zero-day vulnerability chain has been discovered and actively exploited in the wild, targeting SonicWall Secure Mobile Access (SMA) 1000 appliances. The attack leverages two distinct vulnerabilities: a pre-authentication deserialization flaw (CVE-2025-23006) and a local privilege escalation issue (CVE-2025-40602). When chained, these vulnerabilities enable unauthenticated remote attackers to achieve root-level code execution on affected devic
2 days ago · 4 min read


CVE-2025-55182 React2Shell: Chinese APT Groups Exploit Critical React Server Components Vulnerability for Malware Delivery
Rescana Threat Intelligence Report: Google Sees 5 Chinese Groups Exploiting React2Shell (CVE-2025-55182) for Malware Delivery. Date: December 2025. Prepared by: Rescana OSINT Cybersecurity Research Team. Primary Sources: Google Threat Intelligence Group, AWS, SecurityWeek, NVD, Wiz, Trend Micro. Executive Summary: On December 3, 2025, a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components, tracked as CVE-2025-55182 ("React2Shell"), was
4 days ago · 8 min read


Critical Sierra Wireless AirLink ALEOS Router Vulnerability (CVE-2018-4063) Added to CISA KEV After Active Exploitation Enables Remote Code Execution
Executive Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploitation in the wild. The flaw, tracked as CVE-2018-4063, enables remote code execution (RCE) via an unrestricted file upload mechanism. This vulnerability is being actively targeted by threat actors, with exploitatio
5 days ago · 3 min read


Apple Urgently Patches WebKit Zero-Day Vulnerabilities Exploited in Targeted Attacks Affecting iOS, macOS, and Safari
Rescana Cybersecurity Threat Intelligence Report: Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild. Date: December 13, 2025. Prepared by: Rescana OSINT Cybersecurity Research Team. Executive Summary: Apple has released emergency security updates to address two zero-day vulnerabilities in WebKit, the browser engine powering Safari and all browsers on iOS. Both vulnerabilities (CVE-2025-43529 and CVE-2025-14174) have been confirmed as exploited in t
5 days ago · 3 min read


PyStoreRAT Malware Campaign: Fake OSINT and GPT GitHub Repositories Target Security Researchers and Cryptocurrency Users
Date: December 2025. Prepared by: Rescana OSINT Cybersecurity Research Team. Executive Summary: A sophisticated malware campaign is leveraging fake GitHub repositories, masquerading as OSINT (Open Source Intelligence) and GPT utility tools, to distribute a new modular Remote Access Trojan (RAT) named PyStoreRAT. The campaign targets security researchers, developers, and cryptocurrency users, using deceptive social engineering and supply chain tactics to propagate the malware.
5 days ago · 4 min read


Rescana Threat Intelligence Report: Widespread Exploitation of React Server Components via CVE-2025-55182 (React2Shell)
Prepared by: Rescana OSINT Cybersecurity Research Team. Sources: Cloudflare, Huntress, NVD, Assetnote, Vercel, public threat intelligence feeds. Executive Summary: The critical React2Shell vulnerability (CVE-2025-55182) in React Server Components (RSC) has been weaponized and is being actively exploited in the wild. Within hours of public disclosure, threat actors, primarily Asia-linked groups, began mass scanning and exploitation campaigns. These attacks have resulted in the de
5 days ago · 4 min read


AI-Driven Phishing Kits Target Microsoft 365 and European Banks with Advanced MFA Bypass Techniques
Rescana Cybersecurity Threat Intelligence Report: New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale. Date: December 2025. Prepared by: Rescana OSINT Cybersecurity Research Team. Primary Sources: The Hacker News, Zscaler ThreatLabz, Barracuda, Abnormal Security, Varonis, ANY.RUN. Executive Summary: In late 2025, researchers identified a new generation of advanced phishing kits (BlackForce, GhostFrame, InboxPrime AI, and Spiderman) that leve
5 days ago · 4 min read


ShadowMQ Vulnerabilities: Over 30 Critical Flaws in Meta Llama, NVIDIA TensorRT-LLM, vLLM, and Other AI Inference Engines Enable Data Theft and Remote Code Execution
Executive Summary: Recent cybersecurity research has revealed over 30 critical vulnerabilities in leading AI coding tools and inference engines, including Meta Llama LLM, vLLM, NVIDIA TensorRT-LLM, Modular Max Server, Microsoft Sarathi-Serve, and SGLang. These flaws, collectively identified as the "ShadowMQ" pattern, enable remote code execution (RCE) and data theft, representing a significant threat to organizations deploying AI infrastructure. The vulnerabilities prima
Dec 7 · 5 min read


Critical XXE Vulnerability CVE-2025-66516 (CVSS 10.0) in Apache Tika Enables File Disclosure, SSRF, and Remote Code Execution – Immediate Patch Required
Executive Summary: A critical XML External Entity (XXE) injection vulnerability, CVE-2025-66516 (CVSS 10.0), has been identified in Apache Tika, a widely used content analysis toolkit. This vulnerability enables unauthenticated attackers to exploit the PDF parsing functionality, leading to arbitrary file disclosure, Server-Side Request Forgery (SSRF), and, under certain conditions, remote code execution. The flaw is present in multiple Apache Tika modules, including tika-co
Dec 7 · 5 min read


Zero-Click Vulnerability in Perplexity Comet Browser Allows Full Google Drive Deletion via Crafted Emails
Executive Summary: A critical zero-click vulnerability has been identified in agentic browsers, most notably the Perplexity Comet Browser, which enables attackers to delete the entire contents of a victim's Google Drive using only a carefully crafted email. This attack leverages the natural language processing capabilities of AI-powered browser agents, which, when granted OAuth access to Gmail and Google Drive, can autonomously interpret and execute instructions embedded i
Dec 7 · 4 min read


Barts Health NHS Data Breach: Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882)
Executive Summary: Barts Health NHS Trust has disclosed a significant data breach following the exploitation of a zero-day vulnerability in Oracle E-Business Suite by the Cl0p ransomware group. The breach resulted in the theft and subsequent dark web exposure of files containing personal and financial information of patients, former staff, and suppliers. The attack was limited to business systems, specifically those handling invoicing and accounting, and did not impact elect
Dec 7 · 6 min read


React2Shell (CVE-2025-55182): Mass Exploitation of React Server Components and Next.js Threatens 77,000 Systems and 30+ Organizations
Executive Summary: The React2Shell vulnerability, tracked as CVE-2025-55182, represents a critical unauthenticated remote code execution (RCE) flaw in React Server Components and frameworks such as Next.js. This vulnerability is being actively exploited in the wild, with over 77,000 Internet-exposed IP addresses confirmed as vulnerable and at least 30 organizations already breached. The exploitation campaign is notable for its rapid weaponization by advanced persistent thre
Dec 7 · 5 min read


Dartmouth College Data Breach: Clop Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882)
Executive Summary: Dartmouth College has confirmed a data breach following an extortion attack by the Clop ransomware group, which exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) platform. The breach resulted in the unauthorized exfiltration of files containing names, Social Security Numbers, and, in some cases, financial account information of at least 1,494 individuals, with the actual number of affected persons likely higher. The attack occurred be
Nov 25 · 5 min read