US cybersecurity officials revealed Thursday that Chinese state-sponsored hackers have been using sophisticated Brickstorm malware to infiltrate critical infrastructure and government networks since at least 2022. The attackers maintain persistent access for an average of 393 days, targeting VMware vSphere and Windows environments while staying hidden in poorly monitored edge devices.
Dozens of US organizations have been compromised, including government agencies, IT firms, and legal services. The malware automatically reinstalls itself if disrupted and allows attackers to steal configuration data, emails, and documents aligned with China's strategic interests. CISA warns this represents an evolution in Chinese cyber tradecraft, with attackers positioning themselves for potential future sabotage operations.
Source: CyberScoop
Cybercriminals are actively targeting Palo Alto Networks' GlobalProtect VPN portals using over 7,000 IP addresses worldwide. The attacks, detected in late November 2025, exploit vulnerabilities in internet-facing VPN gateways through UDP port 4501.
Threat actors are using residential proxies and compromised servers across Asia, Europe, and North America to probe for weak configurations and deploy custom scripts. They're targeting historical flaws like CVE-2024-3400 and misconfigurations that allow unauthorized access.
Palo Alto Networks issued an urgent advisory December 5, recommending multi-factor authentication and firewall restrictions. CISA added related indicators to its Known Exploited Vulnerabilities catalog, giving federal agencies 72 hours to patch.
Source: Cybersecurity News
A Chinese hacking group called Warp Panda has been secretly infiltrating US legal, manufacturing, and tech companies since 2022, staying hidden in networks for up to 400 days. The group uses sophisticated malware called BrickStorm that disguises itself as legitimate VMware processes and automatically reinstalls if detected.
The hackers exploit vulnerabilities in popular business tools like Ivanti VPN devices and VMware servers to gain initial access, then move through networks using stolen credentials. They've also targeted Microsoft Azure environments and government entities across Asia Pacific.
CISA issued an alert Thursday warning that one BrickStorm infection went undetected from April 2024 until September 2025. The persistent attacks appear designed to steal intelligence for China's strategic interests.
Source: Security Week
A devastating vulnerability in the React JavaScript library, dubbed "React2Shell," earned a perfect 10 CVSS severity score and is already under attack by Chinese state-backed groups. CVE-2025-55182 allows unauthenticated remote code execution in React Server Components versions 19.0.0 through 19.2.0.
Amazon's security team spotted exploitation attempts within hours of the December 3rd disclosure, with Earth Lamia and Jackpot Panda among the attackers. The groups are using automated scanning tools and simultaneously targeting other recent vulnerabilities in broad campaigns.
Patches are available for React versions 19.0.1, 19.1.2, and 19.2.1. Organizations should update immediately, as working proof-of-concept exploits are circulating publicly and broader exploitation is expected.
Source: Dark Reading
Britain's cybercrime intervention programme is seeing children as young as seven referred for hacking, with the average age just 15. The National Crime Agency reports year-on-year increases in referrals, mostly gamers aged 10-16, while UK business hack payouts have rocketed 230%.
Former cybercriminals Ricky Handschumacher and Joseph Harris warn the problem is getting worse. Both started hacking as teenagers through gaming - Handschumacher via Halo 3, Harris through Club Penguin at age 12. Gaming serves as a major pathway since 97% of children aged 8-17 participate.
Recent attacks cost millions: Marks & Spencer lost £136m, Jaguar Land Rover's shutdown caused £1.9bn in UK economic disruption. Teenagers were suspects in major cases including Co-op and Transport for London breaches.
Experts say bored, isolated kids seek community and status in hacking forums. The solution requires better cybersecurity career pathways and higher bug bounty payments to compete with criminal profits.
Source: Sky News
A critical vulnerability dubbed React2Shell (CVE-2025-55182) has been discovered in React, the popular JavaScript library powering millions of websites including Airbnb, Instagram, and Netflix. The flaw allows remote attackers to execute code without authentication and affects React versions 19.0 through 19.2.0.
Patches are available in versions 19.0.1, 19.1.2, and 19.2.1. The vulnerability impacts applications using React Server Components, even if they don't implement Server Function endpoints. Security researchers warn that 39% of cloud environments contain vulnerable React instances, with over 968,000 servers potentially at risk.
Major cloud providers including Google, AWS, and Cloudflare have deployed protective measures, while cybersecurity experts expect widespread exploitation attempts soon.
Source: SecurityWeek
CISA issued an urgent alert Thursday about ongoing cyberattacks by Chinese state-backed hackers targeting U.S. government and IT organizations using the sophisticated Brickstorm backdoor. The attackers are specifically going after VMware vSphere environments, where they can steal virtual machine snapshots and create hidden rogue VMs.
The Go-based malware automatically reinstalls itself if disrupted and uses multiple encryption layers to communicate with command-and-control servers. In one documented case, attackers maintained network access from April 11 through September 2, 2024, moving from a web server to domain controllers and eventually VMware systems.
CISA recommends keeping VMware servers updated, monitoring for unauthorized VMs, and blocking external DNS-over-HTTPS traffic to prevent these stealth attacks.
Source: Dark Reading
Cybersecurity agencies from the US, UK, Canada, Germany, Netherlands, and New Zealand have jointly published new guidance for safely integrating artificial intelligence into critical infrastructure systems. The 25-page document outlines four key principles for securing AI in operational technology environments that control power grids, water systems, and other vital services.
The guidance addresses AI's benefits—like predictive maintenance and anomaly detection—while warning about risks including system compromise, safety impacts, and worker skill erosion from over-relying on automation. The principles cover understanding AI risks, defining clear business cases, establishing governance frameworks, and implementing oversight mechanisms with failsafe systems to ensure public safety.
Source: Security Week
A maximum-severity vulnerability in React's Server Components protocol is threatening millions of applications worldwide. The flaw, assigned CVE-2025-55182 and CVE-2025-66478, allows attackers to execute remote code through specially crafted HTTP requests with nearly 100% success rates.
Security researcher Lachlan Davidson discovered the vulnerability, which affects React's default configuration and popular frameworks like Next.js. Wiz research shows 39% of cloud environments are vulnerable to these exploits.
Cloudflare has already deployed protective firewall rules, while hosting providers are implementing temporary fixes. Organizations must immediately upgrade to React versions 19.0.1, 19.1.2, or 19.2.1, and corresponding Next.js updates to prevent potential breaches.
Source: Dark Reading
The Post Office avoided a potential £1.09 million fine after accidentally publishing names and addresses of 502 Horizon scandal victims online last June. The Information Commissioner's Office called the breach "entirely preventable" but issued only a reprimand, saying it didn't meet the "egregious" threshold for fining public bodies.
The leak occurred when staff mistakenly published an unredacted legal settlement document, exposing personal details of operators who had already suffered through wrongful prosecutions. Many victims hadn't even told their families about their cases.
Campaigners slammed the decision as "ludicrous," arguing it gives public organizations a green light to cause harm without real consequences. The Post Office had settled with 555 claimants for £57.75 million in 2019.
Source: The Guardian