Browser Security Roundup: React2Shell Exploits, Chrome Updates, and iOS Zero-Days

This newsletter is AI generated and may hallucinate sometimes 😊

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

  • Researchers have confirmed that the JS#SMUGGLER threat cluster is using compromised websites to deliver NetSupport RAT, a legitimate remote-administration tool that is routinely abused as a remote access trojan.
  • The chain starts with malicious JavaScript injected into otherwise legitimate sites; visitors are redirected to attacker-controlled pages that serve the RAT payload.
  • The campaign shows a persistent delivery vector: a visitor's browser session on a trusted site is what carries them to the malware, so script integrity on the compromised sites and web content filtering matter as much as endpoint controls.

Source: The Hacker News | Date: December 8, 2025

Critical React2Shell RCE Actively Exploited in Web Frameworks

  • React2Shell, a critical remote code execution (RCE) vulnerability in React Server Components (RSC), the React feature that Next.js's App Router is built on, is being actively exploited in the wild.
  • The flaw lets a remote attacker run arbitrary code on the server that renders RSC, exposing application secrets and data and giving a foothold on the host; the AWS report listed in the references says China-linked actors weaponized it within hours of disclosure.
  • CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, which puts federal agencies on a remediation deadline, and the Next.js maintainers have released a scanner that finds and updates affected applications.

Source: Cybersecurity News | Date: December 8, 2025

Google Chrome 143 Stable Channel Released with Security Fixes

  • Google has promoted Chrome 143 to the stable channel with fixes for several security vulnerabilities.
  • The release addresses critical- and high-severity flaws that could allow arbitrary code execution in the browser or crash it (denial of service).
  • Update now: open chrome://settings/help, let the browser fetch version 143, and relaunch, since the fixes only take effect after a restart.

Source: The CyberThrone | Date: December 8, 2025

Critical Cal.com Flaw Allows Authentication Bypass via Fake TOTP Codes (CVE-2025-66489)

  • A critical vulnerability in the Cal.com scheduling platform, CVE-2025-66489 (CVSS 9.9), lets attackers bypass authentication.
  • The bypass works by submitting a fake Time-based One-time Password (TOTP) code that the server accepts as valid, granting unauthorized access to user accounts.
  • Self-hosted Cal.com instances are affected; operators should upgrade to a patched release promptly.

Source: SecurityOnline.info | Date: December 8, 2025

Intellexa Predator Spyware Exploited 15 iOS Zero-Days, Including Browser Flaws

  • Intellexa, the commercial spyware vendor behind Predator, has reportedly used 15 iOS zero-day vulnerabilities since 2021 to install its spyware.
  • The bugs include browser flaws (Safari and Chrome) alongside kernel vulnerabilities, chained in what the reporting calls the "smack" iOS exploit chain; the usual shape of such chains is a browser bug for initial code execution followed by kernel bugs for privilege escalation.
  • Predator gives its operators broad access to data on the infected iPhone, underlining that commercial surveillance tools keep relying on browser bugs, and that prompt OS updates and Lockdown Mode remain the practical mitigations for at-risk users.

Source: SecurityOnline.info | Date: December 8, 2025

References

  1. Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT - The Hacker News
  2. Critical React2Shell RCE Vulnerability Exploited in the Wild to Execute Malicious Code - Cybersecurity News
  3. CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation - Cybersecurity News
  4. Cloudflare: major outage caused by a change made in response to the React flaw - Security.nl
  5. 'Tens of thousands of IP addresses vulnerable because of the React2Shell flaw' - Security.nl
  6. Next.js Released a Scanner to Detect and Update Apps Impacted by React2Shell Vulnerability - Cybersecurity News
  7. Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025 - Cisco Security Advisory
  8. AWS: China-linked threat actors weaponized React2Shell hours after disclosure - Security Affairs
  9. U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog - Security Affairs
  10. ⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More - The Hacker News
  11. Google Chrome 143 Stable Channel Released - The CyberThrone
  12. Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes - Cybersecurity News
  13. Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes - SecurityOnline.info
  14. Predator Spyware Company Used 15 Zero-Days Since 2021 to Target iOS Users - Cybersecurity News
  15. Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain - SecurityOnline.info