Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
17 December 2025
Perhaps it’s just the time of year where we all start to wind down a bit, or maybe I’m just tired after another massive 12 months, but this week’s vid is way late. Ok, going away to the place that had just been breached (ironic!) didn’t help, but I think in general the pace we’ve maintained this year just needs to come back a bit. That said, I’ll try to get this week’s and next week’s out on time, then it’s off on travels for the next four weeks after that. Stay tuned for more IoT problems in a few days from now 🤦♂️
References
- Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
- Spicers Retreats suffered a data breach they attributed back to an attack on the Mews reservation platform (timely, given we had a getaway booked there only a couple of days later)
- We worked through 630 million more passwords provided by the FBI (that includes 46 million we’ve never seen before)
- Hmmm… spam to a Qantas-only email address, wonder where that might have come from? (this should be impossible because there’s an injunction in place 🤦♂️)
About Author
