Security briefing: December 2025
Blog post from Sysdig
December 2025 saw significant cybersecurity challenges, marked by the emergence of sophisticated threats and vulnerabilities. Notable incidents included the React2Shell vulnerability affecting applications that use React Server Components, which required urgent patching and monitoring due to its potential for remote code execution. The BRICKSTORM malware, linked to Chinese state-sponsored actors, targeted Linux-based cloud environments, leveraging advanced techniques to maintain persistent control and evade detection. MongoDB faced the MongoBleed vulnerability, a longstanding data exposure issue at risk of exploitation by unauthenticated attackers, which necessitated audits and patching. Additionally, the Sysdig Threat Research Team identified a new threat dubbed EtherRAT, which uses the Ethereum blockchain for command and control, and highlighted payloads from its exploitation of React2Shell. Other security events included a breach at the European Space Agency and a DDoS attack that disrupted French postal and banking services. These incidents underscored the ongoing pressure on cybersecurity defenders and highlighted the need for vigilance, resilience, and collaboration in the face of evolving threats.