InfoSec.Watch Podcast — Episode 116: React2Shell mass exploitation, Apple & Microsoft zero-days, and the BRICKSTORM hypervisor breach
This week’s episode dives into a packed slate of high-impact cybersecurity threats shaking the industry. We break down React2Shell (CVE-2025-55182), a rapidly evolving remote code execution flaw driving mass scanning across the internet and prompting CISA to issue an urgent KEV directive. We also unpack Apple’s emergency WebKit zero-day patches and Microsoft’s latest actively exploited kernel and security-bypass vulnerabilities from December Patch Tuesday.
The team explores BRICKSTORM, a stealthy backdoor campaign targeting VMware vSphere hypervisors through fileless techniques and persistent access to virtualization control planes — a growing focus for state-sponsored actors. They then analyze the massive Global Mart data breach, a four-month compromise stemming from a single misconfigured cloud storage bucket.
Tool of the Week spotlights GreyNoise Threat Explorer, a powerful resource for separating malicious activity from internet background noise — especially valuable amid surging React2Shell exploitation.
The episode closes with a look at Phantom Voice, a new wave of AI-generated voice-cloning phishing attacks capable of convincingly mimicking executives to trigger financial fraud and data exposure.
Topics Covered:
- React2Shell RCE and widespread exploitation
- Apple & Microsoft zero-day patches underway
- BRICKSTORM: hypervisor-level persistence against VMware
- Global Mart breach impacting 50M customers
- GreyNoise Threat Explorer
- Phantom Voice AI-driven voice-clone phishing
Stay ahead of emerging threats at infosec.watch and follow us on X, Facebook, and LinkedIn.