InfoSec.Watch Podcast — React2Shell Supply Chain Risk, Android Zero-Days, and BRICKSTORM Hardware Sabotage
In this week’s episode of InfoSec.Watch Weekly, Grant Lawson and Sloane Parker take listeners on a guided tour of the entire modern attack surface — from developer laptops to mobile devices to the physical circuit boards inside IoT hardware. Three major security stories illustrate how deeply interconnected and exposed the stack has become.
We begin with React2Shell, a newly surfaced command-injection vulnerability in the widely used react-dev-utils package. Grant and Sloane break down how an attacker who can control the BROWSER environment variable on a developer's workstation (the variable that tells the dev server which browser to open) can turn a harmless npm start into a reverse shell: the value is handed to a shell instead of being treated as a bare program name, so anything after a shell metacharacter runs as its own command. The discussion dives into the real-world implications: source code theft, credential compromise, CI/CD tampering, and supply chain subversion. The hosts outline the immediate fixes (update the package and keep untrusted values out of BROWSER) and the long-term lessons around SCA tooling, EDR visibility on developer endpoints, and securing the build environment itself.
Next, the conversation shifts to two actively exploited Android zero-days uncovered in the latest Android Security Bulletin, one in the kernel and another in the Arm Mali GPU driver. The hosts explain why GPU driver vulnerabilities are so dangerous: the driver runs in the kernel and is reachable from unprivileged apps, so a bug there can hand an attacker kernel-level memory access and, from there, the ability to capture the screen, intercept keystrokes, and draw attack overlays. The pair discuss BYOD risk, commercial spyware operators, and why MDM-powered patch gating and user education remain critical for corporate resilience.
Finally, Grant and Sloane descend to the bottom of the stack with BRICKSTORM, a new piece of destructive malware designed not to steal or encrypt data but to permanently kill hardware. By abusing exposed JTAG debug ports, BRICKSTORM halts the CPU and overwrites the device's bootloader with garbage. Secure Boot offers no protection here: it only verifies the code it is asked to load, it cannot stop a debug interface from writing to flash, and once the bootloader fails verification the device simply never boots, leaving it unrecoverable in the field. The hosts dig into what this means for critical infrastructure, operational technology, IoT fleets, and why cybersecurity strategy must now include physical security, supply chain controls, and hardware tamper protections such as disabling or fusing off debug ports before devices ship.
Throughout the episode, a recurring theme emerges: the corporate perimeter no longer exists.
React2Shell targets the dev environment, Android zero-days compromise personal devices tied into corporate systems, and BRICKSTORM attacks the hardware itself. Defense-in-depth isn’t optional — it’s the only workable model across modern organizations.
Tune in for practical insights, technical breakdowns, and the connective tissue between these headline stories.
Follow us on X, Facebook, and LinkedIn — and subscribe at infosec.watch to get every briefing first.