React2Shell Exploits & Outlook RCE: December's Browser Security Roundup

This newsletter is AI generated and may hallucinate sometimes 😊

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

  • React2Shell is the name given to CVE-2025-55182, a critical (CVSS 10.0) unsafe-deserialization flaw in React Server Components: the server-side code that decodes the React Flight payload carrying Server Function arguments can be driven to execute attacker-controlled code. It is not a template-injection bug. Affected are the react-server-dom-webpack, react-server-dom-parcel and react-server-dom-turbopack packages on React 19.x, and Next.js applications that use the App Router.
  • Threat actors are using the flaw to deliver crypto miners and new malware variants to organizations in a range of sectors worldwide.
  • The payload runs inside the Node.js process serving the application and requires no authentication, so one crafted request gives the attacker the web tier's privileges and a foothold for follow-on activity.

Source: The Hacker News | Date: December 10, 2025

Over 644,000 Domains Exposed to Critical React Server Components Vulnerability

  • Internet-wide scanning put the number of domains serving a reachable React Server Components endpoint on an affected release at more than 644,000.
  • The flaw lets an unauthenticated attacker execute arbitrary code on the server through the RSC payload handling in React 19 and the Next.js App Router. A reachable endpoint is a strong signal but not proof of a vulnerable version, so confirm the installed React and Next.js versions rather than rely on the count alone.
  • Web administrators are urged to upgrade to the fixed React releases (19.0.1, 19.1.2 or 19.2.1, matching the minor line in use) and the corresponding Next.js patch release, and to treat any internet-facing host that ran an affected version unpatched as possibly already compromised.

Source: Cybersecurity News | Date: December 10, 2025
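The two items above come down to one question for a defender: does anything in the dependency tree sit on an affected React Server Components or Next.js release line? The script below is an added example, not code from any of the cited sources, that walks a package-lock.json v2/v3 "packages" map and flags such entries. The React fixed versions (19.0.1, 19.1.2, 19.2.1) are taken from the React advisory; the Next.js fixed versions in the table are the author's reading of the Next.js advisory and must be verified against it before the script is relied on. The lockfile fragment is constructed for the example.

```javascript
// Added example (not code from any of the cited sources): flag lockfile entries
// on React Server Components / Next.js release lines that carry React2Shell
// (CVE-2025-55182). React fixed versions are from the React advisory; the
// Next.js fixed versions are the author's reading of the Next.js advisory and
// must be verified against it.

// The vulnerable code lives in the react-server-dom-* packages, which share
// React's version numbers. Next.js vendors its own copy inside its dist, so
// Next.js apps are checked by the `next` version rather than by these packages.
const REACT_LINE_PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);

// First fixed release per affected "major.minor" line. Lines absent from a
// table are treated as out of scope for this check, not as proven safe.
const FIXED = {
  reactLine: { "19.0": "19.0.1", "19.1": "19.1.2", "19.2": "19.2.1" },
  next: {
    "15.0": "15.0.5", "15.1": "15.1.9", "15.2": "15.2.6", "15.3": "15.3.6",
    "15.4": "15.4.8", "15.5": "15.5.7", "16.0": "16.0.7",
  },
};

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  return m ? { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null } : null;
}

// Semver precedence: numeric fields first; a pre-release with the same numbers
// as the fix sorts before it and is therefore still reported (conservative).
function compareSemver(a, b) {
  if (a.major !== b.major) return a.major - b.major;
  if (a.minor !== b.minor) return a.minor - b.minor;
  if (a.patch !== b.patch) return a.patch - b.patch;
  if (a.pre && !b.pre) return -1;
  if (!a.pre && b.pre) return 1;
  return 0;
}

function fixedVersionFor(pkg, version) {
  const table = REACT_LINE_PACKAGES.has(pkg) ? FIXED.reactLine
              : pkg === "next" ? FIXED.next : null;
  const v = parseSemver(version);
  if (!table || !v) return null;
  return table[`${v.major}.${v.minor}`] || null;
}

function isVulnerable(pkg, version) {
  const fixed = fixedVersionFor(pkg, version);
  if (!fixed) return false;
  return compareSemver(parseSemver(version), parseSemver(fixed)) < 0;
}

// Walk a package-lock.json v2/v3 "packages" map; keys are node_modules paths,
// so nested copies (node_modules/a/node_modules/b) are covered too.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !entry || !entry.version) continue;   // root project, link entries
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue;                                  // workspace-local key
    const name = path.slice(idx + "node_modules/".length);
    if (isVulnerable(name, entry.version)) {
      findings.push({ name, version: entry.version, path, fixed: fixedVersionFor(name, entry.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile fragment (not from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/next": { version: "15.5.6" },
    "node_modules/react": { version: "19.2.0" },
    "node_modules/react-dom": { version: "19.2.0" },
    "node_modules/react-server-dom-webpack": { version: "19.2.0" },
    "node_modules/build-tool/node_modules/react-server-dom-webpack": { version: "19.2.1" },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) {
  console.log(`VULNERABLE ${f.name}@${f.version} at ${f.path}; upgrade to >= ${f.fixed}`);
}
```

On the sample data the script reports `next@15.5.6` and the top-level `react-server-dom-webpack@19.2.0`, and stays silent on the nested 19.2.1 copy. It deliberately does not flag `react` and `react-dom` themselves, since the vulnerable code is in the react-server-dom-* packages; upgrade them in lockstep anyway so the three stay on the same release.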

North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits

  • Researchers attribute an active React2Shell exploitation campaign to a North Korean state-sponsored group.
  • The intrusions deploy a new custom malware family dubbed "EtherRAT" to keep persistent access and exfiltrate data.
  • EtherRAT retrieves its command-and-control (C2) instructions from the Ethereum blockchain. On-chain data cannot be taken down, and the implant only needs to reach public Ethereum infrastructure, so domain blocklists and takedowns of attacker-owned C2 servers do not disrupt it.

Source: Hackread | Date: December 10, 2025

North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT

  • The same North Korean activity is exploiting React2Shell in the wild, with EtherRAT as the post-exploitation payload.
  • Reported targeting centers on organizations in the cryptocurrency and blockchain sectors.
  • EtherRAT is a remote access tool: operators can run commands on the compromised server and collect sensitive information from it.

Source: Cybersecurity News | Date: December 10, 2025

EtherRAT Malware Hijacks Ethereum Blockchain for Covert C2 After React2Shell Exploit

  • EtherRAT reads its tasking from the Ethereum blockchain, giving the operators a C2 channel that survives takedowns of conventional servers and domains.
  • Because the channel rides on public blockchain infrastructure rather than attacker-owned domains, reputation- and signature-based controls rarely flag it; the practical detection is egress monitoring for blockchain traffic from hosts that have no business talking to a blockchain.
  • The implant is dropped after successful React2Shell exploitation, so the infected hosts are primarily internet-facing web servers.

Source: SecurityOnline.info | Date: December 10, 2025
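The C2 items above (EtherRAT deploying via React2Shell and reading its tasking from Ethereum) leave the defender with an egress-hunting problem. The script below is an added example, not code from any of the cited sources or from the EtherRAT analysis: it scans egress records for Ethereum JSON-RPC calls and escalates those that originate from web-tier hosts. It assumes the implant reaches the chain over HTTPS JSON-RPC to public gateways and that the proxy logs keep the POST body; the page does not describe EtherRAT's wire protocol, so treat that as a general rule for blockchain-backed C2 rather than a statement about EtherRAT. The record layout, the 10.20.1.0/24 web-tier range, the IPs and the contract address are constructed for the example; the gateway hostnames are real public endpoints.

```javascript
// Added example (not code from any of the cited sources): hunt egress logs for
// Ethereum JSON-RPC traffic from web-tier hosts, which is where a
// post-React2Shell implant that uses the chain for C2 would have to talk from.
// Assumptions: the implant uses HTTPS JSON-RPC to public gateways, and the
// egress logs include the POST body. Record layout, IP ranges, paths and the
// contract address are made up for this example.

// Standard Ethereum JSON-RPC namespace an implant needs to read contract state
// or follow transactions (eth_call, eth_getLogs, eth_getTransactionByHash, ...).
const ETH_METHOD = /^eth_/;

// Web tier: hosts that serve the React/Next.js app and should never need an
// Ethereum node (assumed prefix match; use real CIDR matching in production).
const WEB_TIER_PREFIXES = ["10.20.1."];
const inWebTier = (ip) => WEB_TIER_PREFIXES.some((p) => ip.startsWith(p));

// Extract JSON-RPC 2.0 calls from a request body; batch requests arrive as arrays.
function jsonRpcCalls(body) {
  if (!body) return [];
  let parsed;
  try { parsed = JSON.parse(body); } catch { return []; }
  const calls = Array.isArray(parsed) ? parsed : [parsed];
  return calls.filter((c) => c && c.jsonrpc === "2.0" && typeof c.method === "string");
}

// Contract address targeted by an eth_call ("to") or eth_getLogs ("address"), if any.
function contractOf(call) {
  const p = Array.isArray(call.params) ? call.params[0] : null;
  if (p && typeof p === "object") {
    if (typeof p.to === "string") return p.to.toLowerCase();
    if (typeof p.address === "string") return p.address.toLowerCase();
  }
  return null;
}

function huntBlockchainC2(records) {
  const hits = [];
  for (const r of records) {
    const eth = jsonRpcCalls(r.body).filter((c) => ETH_METHOD.test(c.method));
    if (eth.length === 0) continue;
    hits.push({
      ts: r.ts, src: r.src, host: r.host,
      methods: eth.map((c) => c.method),
      contracts: [...new Set(eth.map(contractOf).filter(Boolean))],
      severity: inWebTier(r.src) ? "high" : "low",   // dev boxes may legitimately query a chain
    });
  }
  return hits;
}

// Per-source rollup: a web server polling the same contract again and again is
// the beaconing pattern to escalate on.
function summarizeBySource(hits) {
  const out = {};
  for (const h of hits) {
    let s = out[h.src];
    if (!s) s = out[h.src] = { count: 0, methods: new Set(), contracts: new Set(), severity: h.severity };
    s.count += 1;
    h.methods.forEach((m) => s.methods.add(m));
    h.contracts.forEach((c) => s.contracts.add(c));
  }
  return out;
}

// Constructed sample egress records (gateway hostnames are real public
// endpoints; IPs, timestamps and the contract address are made up).
const CONTRACT = "0x0000000000000000000000000000000000000abc";
const rpc = (id, method, params) => JSON.stringify({ jsonrpc: "2.0", id, method, params });
const SAMPLE_EGRESS = [
  { ts: "2025-12-10T08:01:12Z", src: "10.20.1.15", host: "registry.npmjs.org", body: "" },
  { ts: "2025-12-10T08:03:44Z", src: "10.20.1.15", host: "mainnet.infura.io",
    body: rpc(1, "eth_call", [{ to: CONTRACT, data: "0x" }, "latest"]) },
  { ts: "2025-12-10T08:08:44Z", src: "10.20.1.15", host: "mainnet.infura.io",
    body: rpc(2, "eth_call", [{ to: CONTRACT, data: "0x" }, "latest"]) },
  { ts: "2025-12-10T08:10:02Z", src: "10.30.5.9", host: "eth-mainnet.g.alchemy.com",
    body: rpc(7, "eth_blockNumber", []) },
  { ts: "2025-12-10T08:11:30Z", src: "10.20.1.15", host: "api.example.internal",
    body: rpc(3, "getUser", [42]) },   // JSON-RPC, but not Ethereum: ignored
  { ts: "2025-12-10T08:13:44Z", src: "10.20.1.15", host: "mainnet.infura.io",
    body: "[" + rpc(4, "eth_getLogs", [{ address: CONTRACT, fromBlock: "latest" }]) + "," +
          rpc(5, "eth_call", [{ to: CONTRACT, data: "0x" }, "latest"]) + "]" },   // batch
];

for (const [src, s] of Object.entries(summarizeBySource(huntBlockchainC2(SAMPLE_EGRESS)))) {
  console.log(`${s.severity.toUpperCase()} ${src}: ${s.count} eth RPC request(s), ` +
              `methods=${[...s.methods].join(",")}, contracts=${[...s.contracts].join(",")}`);
}
```

On the sample, the web server 10.20.1.15 is rolled up as HIGH with three Ethereum requests (eth_call and eth_getLogs) against a single contract, while the developer host 10.30.5.9 is LOW. The useful signals are the same in a real SIEM query: the eth_* method names rather than the gateway hostname (an implant can use any node), the repetition against one contract, and a source that has no reason to speak to a blockchain at all.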

Remote Code Execution Vulnerability in React and Next.js Frameworks

  • Cisco published a security advisory on CVE-2025-55182, the remote code execution (RCE) vulnerability in React Server Components that affects web applications built on React 19 and Next.js.
  • The flaw is in the server-side handling of React Server Components payloads and lets an unauthenticated attacker execute arbitrary code on the server.
  • Organizations are advised to upgrade React and Next.js to the fixed releases and to check the advisory for Cisco products that bundle the affected components.

Source: Cisco Security Advisory | Date: December 10, 2025

New EtherRAT Backdoor Surfaces in React2Shell Attacks Tied to North Korea

  • A new backdoor, EtherRAT, has been found in active React2Shell exploitation campaigns linked to North Korean threat groups.
  • EtherRAT is built for persistent access and uses the Ethereum blockchain as its command-and-control channel.
  • Initial access is the React2Shell flaw in React Server Components and Next.js; once the server is compromised the backdoor is installed for follow-on activity.

Source: Security Affairs | Date: December 10, 2025

Seamless Sign-In: Microsoft WebView2 Gets Entra ID for Enterprise Authentication

  • Microsoft WebView2 now supports Entra ID (formerly Azure Active Directory) for enterprise authentication, so web content embedded in native applications can sign users in with their organizational identity.
  • Developers can embed web content with centrally managed identity directly into native applications instead of handling credentials in the embedded web layer.
  • The security benefit is that authentication for web-based components inside enterprise applications is governed by the same centralized identity service as the rest of the environment.

Source: SecurityOnline.info | Date: December 10, 2025

Microsoft Outlook Vulnerability Allows Remote Code Execution

  • A critical vulnerability in Microsoft Outlook allows attackers to execute code remotely on the victim's machine.
  • The trigger is the user replying to a specially crafted email; opening or previewing the message is not by itself enough, but no action beyond the reply is needed.
  • Users are advised to install the latest Microsoft security updates for Outlook to close the flaw.

Source: Cybersecurity News | Date: December 10, 2025

Microsoft Outlook Flaw Permits Code Execution via Malicious Email Reply

  • A vulnerability in Microsoft Outlook lets an attacker run arbitrary code when the user replies to a malicious email.
  • Because the flaw fires on the reply action rather than on opening the message, user guidance that focuses on not opening attachments or links does not cover it.
  • Microsoft has released patches for the flaw, and users are urged to update their Outlook installations immediately.

Source: Security.nl | Date: December 9, 2025

References

  1. React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors - The Hacker News
  2. Over 644,000 Domains Exposed to Critical React Server Components Vulnerability - Cybersecurity News
  3. North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits - Hackread
  4. North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT - Cybersecurity News
  5. EtherRAT Malware Hijacks Ethereum Blockchain for Covert C2 After React2Shell Exploit - SecurityOnline.info
  6. Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025 - Cisco Security Advisory
  7. New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea - Security Affairs
  8. Seamless Sign-In: Microsoft WebView2 Gets Entra ID for Enterprise Auth - SecurityOnline.info
  9. Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely - Cybersecurity News
  10. Microsoft Outlook flaw lets attacker execute code when replying to malicious e-mail (original Dutch title: "Microsoft Outlook-lek laat aanvaller code uitvoeren bij reply op malafide e-mail") - Security.nl
