Browser Security

Critical React2Shell RCE Actively Exploited in React/Next.js Web Services

Nishant Sharma

07 Dec 2025 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Microsoft Edge Introduces Enhanced Enterprise New Tab Page Experience

Microsoft Edge will roll out an improved Enterprise New Tab Page experience, allowing IT administrators to customize layout and content for managed users.
This feature aims to boost employee productivity by providing relevant company information, tools, and quick links directly on the new tab page.
Organizations can integrate internal resources and announcements, streamlining access to essential portals within their enterprise environment.

Source: Microsoft 365 Roadmap | Date: December 06, 2025

Over 30 Flaws Discovered in AI Coding Tools Enabling Data Theft and RCE

Researchers at MIT CSAIL identified more than 30 vulnerabilities in AI coding assistants like GitHub Copilot and Google Gemini Code Assistant, leading to potential data theft and remote code execution (RCE).
These flaws include malicious prompt injection attacks, allowing manipulation of the AI's behavior via hidden inputs, and supply chain attacks affecting integrated development environments (IDEs) and browser extensions.
The vulnerabilities could be leveraged to exfiltrate sensitive data or execute arbitrary code within the developer's environment, highlighting risks in AI-assisted development workflows.

Source: The Hacker News | Date: December 05, 2025

References

Microsoft Edge: Enterprise New Tab Page experience - Microsoft 365 Roadmap
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks - The Hacker News
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation - The Hacker News
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable - BleepingComputer
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now - Cybersecurity News
From React to Remote Code – Protecting Against the Critical React2Shell RCE Exposure - SentinelOne
Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025 - Cisco Security Advisory

Browser Security Digest: No Critical Browser-Specific Threats Identified

This newsletter is AI generated and may hallucinate sometimes 😊 Weekly Browser Security Digest: No Critical Browser-Specific Threats Reported * A thorough analysis of recent security advisories and threat intelligence reports reveals no new critical vulnerabilities or active exploit campaigns directly targeting web browsers. * This review focused on web rendering engines, JavaScript

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

This newsletter is AI generated and may hallucinate sometimes 😊 GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks * The GoldPickaxe malware campaign is actively employing sophisticated "browser-in-the-browser" social engineering techniques to target both iOS and Android users. * Attackers are using this method to steal sensitive information, including facial scan data and various

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

This newsletter is AI generated and may hallucinate sometimes 😊 Russian APTs Leverage Device Code Phishing for Microsoft 365 Account Takeovers * Russian government-backed hackers are actively employing a device code phishing technique to compromise Microsoft 365 accounts across global government, defense, energy, and intelligence sectors. * This attack bypasses traditional multi-factor authentication

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security

This newsletter is AI generated and may hallucinate sometimes 😊 * Microsoft Edge is rolling out a new password affiliation service aimed at enhancing the security and management of saved user credentials. * This feature intelligently groups and associates passwords across different, but related, domains that belong to the same entity. * By understanding

Microsoft Edge Introduces Enhanced Enterprise New Tab Page Experience

Over 30 Flaws Discovered in AI Coding Tools Enabling Data Theft and RCE

References

Read more

Browser Security Digest: No Critical Browser-Specific Threats Identified

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security