🎓️ Vulnerable U | #146

React and Next.js situation is bad, Malware delivered via ChatGPT and Grok, Fortinet, Ivanti, SAP, and Gogs 0-days, and much more!

Howdy friends!

Was a crazy week for me. First, Sunday we very unfortunately lost our family dog of almost 13 years. She was a beautiful Great Dane and we already miss her terribly. Hug your dogs extra and give them extra peanut butter this week for me.

Next, Cyber Marketing Con came to Austin and I got to speak with Jordyn from Bugcrowd about how I make short form videos about cybersecurity. Not my usual super technical talk, but still fun to jam on stage about something other people found valuable.

Then we had a Vulnerable U party downtown since a ton of my friends and sponsors were in town for the con. Thanks All Out Scale and Miscreants for helping me cover food and the bar for everyone - it was a great time. If you came to say hi, thank you!

ICYMI

🖊️ Something I wrote: Did you know there are AI tools out there built specifically for hackers?

🎧️ Something I heard: This Linus Tech Tips interview was super transparent and interesting to me.

🎤 Something I said: this is going to get way worse... (why I think this npm worm situation is just the start)

🔖 Something I read: Bad Opsec Considered Harmful

Vulnerable News

React2Shell has been an absolute mess. The critical RCE bug in React 19 is getting hammered by everyone from Chinese state actors to crypto miners. Everything from North Korean EtherRAT implants to BPFDoor Linux backdoors, Cobalt Strike, and even some fun stuff like PeerBlight and CowTunnel. The usual crypto mining suspects are showing up too, because of course they are.

The speed of exploitation here is pretty impressive in a terrifying way. Chinese actors jumped on this almost immediately after disclosure, and now we've got over 165,000 vulnerable IPs and 644,000 domains out there. CISA was so spooked by the uptick in attacks they moved their federal agency deadline up two weeks.

To add to the mess, as I was writing this up - I saw React announced that during this latest wave of …attention, they’ve found 2 new vulnerabilities that need patching. So even if you already put out last week’s fire, you have a new one. (read more)

Flare put out some research about Docker Hub where they found over 10,000 container images leaking secrets in just one month of scanning. Live credentials to production systems, not just junk tokens. Over 100 organizations were exposed, including a Fortune 500 company and a major bank, with most having zero clue about the breach.

42% of these leaked containers had five or more secrets each, meaning one compromised image could unlock an entire cloud environment. AI API keys were the biggest culprit with nearly 4,000 exposed, showing how fast AI adoption is outpacing security controls. Tons of these leaks came from personal Docker Hub accounts belonging to contractors or employees, completely invisible to corporate monitoring. Even when devs caught their mistakes and removed the secrets, 75% forgot to actually revoke the underlying keys. (read more)

Stanford’s AI hacking bot "Artemis" went head-to-head with 10 professional penetration testers on Stanford's engineering network and absolutely demolished 9 out of 10 of them. At under $60 an hour compared to human testers charging $2,000-2,500 per day, it's not just better - it's dirt cheap. The bot found bugs fast and spotted vulns on an outdated webpage that the human testers' browsers couldn't even render properly.

Of course, it wasn't perfect - about 18% false positives and it completely whiffed on an obvious bug that most humans caught. But this connects to that recent news about Chinese hackers already using Anthropic's AI for similar network intrusions. We're hitting an inflection point where AI tools are actually getting good enough for real-world hacking, which is great for defenders who can now test way more code, but also terrifying since there's tons of unvetted software already out there just waiting to be picked apart by these AI systems. (read more)

Google is patching a high-severity vulnerability that's actively being exploited in the wild, but they're being quiet about the details - no CVE number, no component, just a Chromium bug ID. Based on GitHub commits, it looks like the issue is in Google's ANGLE graphics library, probably a buffer overflow in the Metal renderer that could lead to memory corruption or code execution.

This marks the eighth zero-day that Chrome has patched this year, which feels like a lot even by modern standards. They also knocked out two medium-severity bugs in the Password Manager and Toolbar while they were at it. If you're on Chrome, time to update to version 143.0.7499.109/.110 - and that goes for other Chromium-based browsers too once they roll out their fixes. (read more)

We heard you liked ClickFix - so we doubled it and gave it to the next person. Push Security is calling this one “ConsentFix” and it’s clever. It combines OAuth consent phishing with ClickFix-style social engineering to hijack Microsoft accounts without ever needing passwords or bypassing MFA. The attack tricks victims into copy-pasting a localhost URL containing an OAuth authorization code from Azure CLI into a phishing page, essentially handing over account access.

Attackers are using compromised high-reputation sites found via Google Search, complete with fake Cloudflare Turnstile pages that only activate for specific target domains. Once you visit one of these sites, they sync across the entire campaign to prevent re-analysis. The attack specifically abuses Azure CLI because it's a first-party Microsoft app that's trusted by default in all tenants - meaning it bypasses most OAuth restrictions. If you're hunting for this, look for suspicious Azure CLI logins from non-admin users, especially with the "Windows Azure Active Directory" resource. (read more)
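The hunting tip above, written out as an added example (not from Push Security or the original newsletter). It assumes sign-in logs exported as JSON lines with Microsoft Graph `signIn` field names; the sample records and the `EXPECTED_CLI_USERS` allow-list are constructed for illustration.

```python
import json

# Well-known app ID of the first-party Microsoft Azure CLI client, and the
# resource display name the newsletter says to watch for.
AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
TARGET_RESOURCE = "Windows Azure Active Directory"

# Assumption: accounts you expect to use Azure CLI (admins, platform engineers).
EXPECTED_CLI_USERS = {"cloudadmin@example.com"}

# Constructed sample sign-in records, one JSON object per line.
SAMPLE_SIGNINS = """
{"createdDateTime":"2025-12-10T09:01:00Z","userPrincipalName":"cloudadmin@example.com","appId":"04b07795-8ddb-461a-bbee-02f9e1bf7b46","resourceDisplayName":"Windows Azure Active Directory","ipAddress":"198.51.100.10"}
{"createdDateTime":"2025-12-10T09:14:00Z","userPrincipalName":"jsmith@example.com","appId":"04b07795-8ddb-461a-bbee-02f9e1bf7b46","resourceDisplayName":"Windows Azure Active Directory","ipAddress":"203.0.113.77"}
{"createdDateTime":"2025-12-10T09:20:00Z","userPrincipalName":"jsmith@example.com","appId":"00000000-0000-0000-0000-000000000001","resourceDisplayName":"Office 365 Exchange Online","ipAddress":"198.51.100.23"}
{"createdDateTime":"2025-12-10T09:31:00Z","userPrincipalName":"dev1@example.com","appId":"04b07795-8ddb-461a-bbee-02f9e1bf7b46","resourceDisplayName":"Windows Azure Service Management API","ipAddress":"198.51.100.40"}
"""

def suspicious_cli_signins(lines, expected_users=EXPECTED_CLI_USERS):
    """Return Azure CLI sign-ins to the target resource by unexpected users."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed export lines instead of aborting the hunt
        if (event.get("appId") or "").lower() != AZURE_CLI_APP_ID:
            continue
        if event.get("resourceDisplayName") != TARGET_RESOURCE:
            continue
        user = (event.get("userPrincipalName") or "").lower()
        if user in expected_users:
            continue
        hits.append(event)
    return hits

if __name__ == "__main__":
    for hit in suspicious_cli_signins(SAMPLE_SIGNINS.splitlines()):
        print(hit["createdDateTime"], hit["userPrincipalName"], hit["ipAddress"])
```
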

Danielle Hillmer, a former Accenture senior manager, got hit with fraud charges for allegedly telling the DoD that her company's cloud platform met all the necessary security requirements when it apparently didn't. Lying about FedRAMP compliance, access controls, logging, monitoring - all the stuff that's supposed to keep government data safe.

The timeline runs from March 2020 to November 2021, during which prosecutors say she was actively covering up security gaps and telling others to do the same. Accenture self-reported this mess to the feds in 2023 after their own internal review caught the issues. Now Hillmer's looking at potential decades behind bars for wire fraud, major government fraud, and obstruction. Rarely do people end up in legal trouble for getting hacked - but when they do end up in trouble, it’s because they lied. (read more)

Wiz researchers stumbled onto a live zero-day while investigating malware on a customer's system. Turns out there's an actively exploited bug, CVE-2025-8110, in Gogs (a popular self-hosted Git service) that bypasses a previous RCE fix using symbolic links. The attack is pretty straightforward - create a repo, commit a symlink pointing outside the repository, then use the PutContents API to write through it and overwrite system files. They're seeing over 700 compromised instances out of about 1,400 publicly exposed Gogs servers.

This thing's been getting hammered since July and there's still no patch available. The attackers are using Supershell malware and leaving behind repos with random 8-character names as their calling card. If you're running Gogs with open registration enabled and it's internet-facing, you're likely toast. The researchers did the responsible disclosure dance back in July, but here we are in December still waiting for a fix while the bad guys keep having their way with unpatched instances. (read more)
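The bug class described above, shown from the defensive side as an added example. This is a generic Python sketch, not Gogs' code or its eventual patch. The `safe_write` helper and the file names are hypothetical; the point is that the write path must be resolved through symlinks before checking that it stays inside the repository.

```python
import os
import tempfile

def safe_write(repo_root, rel_path, data):
    """Write data to rel_path only if the resolved target stays inside repo_root."""
    root = os.path.realpath(repo_root)
    # realpath follows symlinks, so a committed link pointing outside the
    # repository shows up here as an outside path.
    target = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{rel_path!r} resolves outside the repository")
    # O_NOFOLLOW refuses a symlink swapped in at the final path component
    # between the check above and the open below.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target

def demo():
    """Build a constructed repo containing a symlink and try three writes."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        repo = os.path.join(base, "repo")
        os.mkdir(repo)
        outside = os.path.join(base, "outside.conf")  # stands in for a system file
        with open(outside, "wb") as fh:
            fh.write(b"original")
        os.symlink(outside, os.path.join(repo, "link"))

        safe_write(repo, "README.md", b"hello")
        results["normal_write"] = os.path.isfile(os.path.join(repo, "README.md"))
        for name, path in (("symlink_blocked", "link"),
                           ("dotdot_blocked", "../outside.conf")):
            try:
                safe_write(repo, path, b"overwritten")
                results[name] = False
            except PermissionError:
                results[name] = True
        with open(outside, "rb") as fh:
            results["outside_intact"] = fh.read() == b"original"
    return results

if __name__ == "__main__":
    print(demo())
```
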

AMOS stealer just found a clever new delivery method. Instead of the usual phishing emails or sketchy downloads, attackers are poisoning Google search results with malicious ChatGPT and Grok conversations. Users search for stuff like "clear disk space on macOS," click on what appears to be legitimate AI-generated help from chatgpt.com or grok.com, and follow step-by-step Terminal instructions that look completely reasonable. No downloads, no security warnings, no red flags - just copy, paste, and boom, you've got persistent malware harvesting your credentials and crypto wallets.

The conversations look authentic (because they are - hosted on real platforms), the instructions seem helpful, and copying Terminal commands from trusted sources is normal behavior. Traditional defenses won't catch this either since it's just users executing what appears to be legitimate system maintenance commands. We're seeing attackers evolve from mimicking trusted platforms to actually using them directly. (read more)

Coupang's CEO Park Dae-jun just resigned after a data breach exposed nearly 34 million customers' info. The South Korean e-commerce giant disclosed the breach on November 18th, and three weeks later Park decided to take responsibility and step down. Harold Rogers, their Chief Administrative Officer, is stepping in as interim CEO to handle the cleanup.

An analyst from KB Securities pointed out that Korean companies are "very cost-efficient" but tend to skimp on cybersecurity - and it shows. The country's had a string of major breaches, including SK Telecom hitting 23 million users earlier this year. Police are still digging into this one, with reports suggesting a former Chinese employee might be involved. South Korea's president is now calling for stricter penalties, which feels a bit reactionary, but we’ll see if it helps open up some budgets. (read more)

Meet Spiderman: not so friendly or neighborhood, it’s the latest phishing kit that's making European bank fraud easier. It’s a professional framework targeting dozens of banks across five countries, plus crypto wallets and even some government portals. Pick a bank, get a pixel-perfect clone, send ready-made lures that look legit, and you're in business.

It feels a lot like Evilginx, if you’re familiar with that, with real-time credential theft and OTP interception capabilities, plus some anti-detection features like country whitelisting and ISP filtering to keep security researchers out. The kit's Signal group has around 750 members, suggesting this thing's already being used a bunch. Once victims enter their creds, operators can trigger follow-up prompts for credit cards, phone numbers, PhotoTAN codes - basically everything needed for full account takeover and identity theft. (read more)

A vuln with a name! That means it's more serious! Right? Well, "GeminiJack" is a vulnerability found in Google Gemini Enterprise that let attackers steal corporate data through some AI manipulation. The attack was simple - share a Google Doc, calendar invite, or email with hidden prompt injection instructions, then wait for someone to do a normal search in Gemini. When they searched for something like "Q4 budgets," the AI would pull in the poisoned content, execute the malicious instructions, and dump sensitive data to an attacker-controlled server via a disguised image request.

This is all zero-click - employees just searched normally, got their results, and had no idea anything went wrong. Meanwhile, the AI was exfiltrating emails, calendar data, and documents across the entire Google Workspace. Google worked with the researchers and patched it up by separating Vertex AI Search from Gemini Enterprise, but this whole thing highlights how AI assistants with broad data access can become incredibly efficient corporate spying tools. Traditional security tools wouldn't catch this since it looked like normal AI queries and legitimate HTTP traffic. (read more)

I had all of these as separate articles before I found this one covering all 3, so let's save some space and time!

I know we’re all shocked to see Fortinet, Ivanti, and SAP dropping some patches you'll want to prioritize. Fortinet's got a pair of critical auth bypass flaws (CVE-2025-59718/59719) in FortiOS and friends that let attackers bypass FortiCloud SSO login through crafted SAML messages. It's not enabled by default, but if you're using it, flip that toggle off until you patch. Ivanti's EPM has a stored XSS (CVE-2025-10573) that attackers can use to poison the admin dashboard by joining fake endpoints, and when admins check their dashboards, boom - session hijacked.

SAP's December batch includes 14 fixes with three criticals, including a code injection flaw in Solution Manager that Onapsis found. The Ivanti bug is concerning because it requires zero authentication and exploits normal admin behavior. Rapid7's research shows it's trivial to exploit - just send a fake device report and wait for someone to check the dashboard. These 3 vendors get weaponized fast so I’d get on top of these ASAP. (read more)

The FBI is warning that scammers are lifting photos from social media, doing some quick editing work, and using them as fake "proof of life" shots to convince people their loved ones have been kidnapped. Of course, nobody's actually been kidnapped - it's just digital manipulation designed to panic you into wiring money before you think to actually call your family member.

They often use disappearing message features, so you can't analyze the photos closely. The FBI's advice is pretty solid: establish family code words for emergencies, be careful what personal info you share while traveling, and if you get one of these messages, take screenshots immediately. The scam works because people's first instinct is to panic rather than verify - which is exactly what these criminals are counting on. (read more)

You’ll remember us talking about Salt Typhoon as the group that hacked 80+ telecom companies and was intercepting calls between US presidential candidates. Turns out researchers traced two of their operators back to a pretty wild origin story. Yuyang and Qiu Daibing, who co-owned companies tied to the operation, were star students at Cisco's Network Academy Cup back in 2012. These guys were representing Southwest Petroleum University.

Their school has terrible ratings for computer science and cybersecurity education, yet they excelled at Cisco's competition and went on to orchestrate one of the most expansive intelligence operations in recent history. The researchers did some statistical analysis to confirm it's the same people (the odds of name collision are basically zero). It raises some uncomfortable questions about whether corporate training programs in foreign markets might be inadvertently creating tomorrow's adversaries - especially as China works to "Delete America" from their tech stack. (read more)

Miscellaneous mattjay

How'd I do this edition?

It's hard doing this in a vacuum. Screaming into a void. Feedback is incredibly valuable to make sure I'm making a newsletter you love getting every week.

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay