Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today
Description
In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support.
00:00 Introduction and Sponsor Message
00:48 React Vulnerability: React2Shell
03:13 Microsoft's Long-Standing Shortcut Flaw
04:50 Evilginx: Bypassing MFA in Education
06:59 Shady Panda's Malicious Extensions
09:13 Google's AI Mishap: Developer's Hard Drive Wiped
11:01 Conclusion and Final Thoughts
United States
