DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory

SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory

Update: 2025-12-18
Share

Description



Maybe a Little Bit More Interesting React2Shell Exploit

Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed.

https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Interesting%20React2Shell%20Exploit/32578

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco s Security Email Gateway and Secure Email and Web Manager patch an already-exploited vulnerability.

https://blog.talosintelligence.com/uat-9686/

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4

SONICWALL SMA1000 APPLIANCE LOCAL PRIVILEGE ESCALATION VULNERABILITY

A local privilege escalation vulnerability, which SonicWall patched today, is already being exploited.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019

Google releases vulnerability details

Google updated last week s advisory by adding a CVE to the mystery vulnerability and adding a statement that it affects WebGPU. No new patch was released.

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html
Comments 
In Channel
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory

SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory

2025-12-1806:10

SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; Forticloud SSO Vuln Exploited; FortiGate SSO Exploited;

SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; Forticloud SSO Vuln Exploited; FortiGate SSO Exploited;

2025-12-1706:38

SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML woes; MSMQ issues after patch;

SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML woes; MSMQ issues after patch;

2025-12-1605:45

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

2025-12-1506:45

SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack

SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack

2025-12-1206:56

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

2025-12-1106:58

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.

2025-12-1008:04

SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory

SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory

2025-12-0906:26

SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln

SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln

2025-12-0805:34

SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks

SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks

2025-12-0504:35

SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch

SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch

2025-12-0406:44

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

2025-12-0306:06

SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext.

SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext.

2025-12-0205:49

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

2025-12-0105:42

SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving

SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving

2025-11-2606:07

SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

2025-11-2506:11

SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;

SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;

2025-11-2404:59

SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.

SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.

2025-11-2114:09

SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers

SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers

2025-11-2006:34

SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage

SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage

2025-11-1904:38

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory

SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory

Dr. Johannes B. Ullrich