SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory (#)

SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory (#)

Author: Johannes B. Ullrich December 18, 2025 Duration: 6:11
SANS Internet Storm Center's Daily Network Security News Podcast
NewsBusiness
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory Maybe a Little Bit More Interesting React2Shell Exploit Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed. https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Interesting%20React2Shell%20Exploit/32578 UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager Cisco's Security Email Gateway and Secure Email and Web Manager patch an already-exploited vulnerability. https://blog.talosintelligence.com/uat-9686/ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 SONICWALL SMA1000 APPLIANCE LOCAL PRIVILEGE ESCALATION VULNERABILITY A local privilege escalation vulnerability, which SonicWall patched today, is already being exploited. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 Google releases vulnerability details Google updated last week's advisory by adding a CVE to the "mystery vulnerability" and adding a statement that it affects WebGPU. No new patch was released. https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html keywords: Google; Chrome; WebGPU; sonicwall; cisco; react2shell

Each weekday morning, Johannes B. Ullrich provides a concise, actionable briefing on the shifting landscape of digital threats and defenses with SANS Internet Storm Center's Daily Network Security News Podcast. Think of it as your first cup of coffee for cybersecurity awareness-a focused, five-minute update that cuts through the noise. The content is shaped by real-time data and analysis from the SANS Internet Storm Center, enriched by questions and experiences shared directly from the community of professionals in the field. You’ll hear about emerging vulnerabilities, active exploits, and practical insights that are both late-breaking and genuinely educational, all delivered in a straightforward, no-frills manner. This podcast serves as a reliable filter, turning the overwhelming flow of security news into a clear, digestible summary that helps you understand current risks and start your day informed. It’s built on a foundation of shared knowledge, where listener contributions actively guide the discussion, making each episode a collaborative reflection of what matters right now in network security.
Author: Language: English Episodes: 100

Official website RSS
youtubelinkedin
SANS Internet Storm Center's Daily Network Security News Podcast
Podcast Episodes

«123456...10»