China map outline, flag colors red, yellow glowing. Futuristic circuit board digital technology backdrop. High-tech data streams, innovation, modern design, connectivity global network.

(Adobe Stock)

React2Shell bug exploited by China-linked groups, fix briefly disrupts Cloudflare

Steve ZurierDecember 5, 2025

React2Shell shows patching must be immediate — attackers now weaponize flaws within hours.

RESOURCES

CSPM
Beyond CSPM: Building real-time, resource-optimized security strategies
Application security
From admin-led maintenance to policy-as-code: Re-architecting Salesforce governance for security
Application security
Salesforce security in a shared-responsibility world: Catching misconfigurations and drift before they become breaches
Identity
Why workforce password management is non- negotiable
Critical Infrastructure Security
From classrooms to command posts: The cyber education crisis

PODCASTS

Vulnerability Management
Toilet Cams, N. Korea, Brickstorm, MCP, React2Shell, Proxmox, Metaverse, Josh Marpet – SWN #535
IoT
Holiday Hack Challenge, AI, Internet of Trash – Ed Skoudis – PSW #903
Cloud Security
Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO – Mike Puglia – BSW #424
Vulnerability Management
AI semantics, Calendly, Teams, Schmaltz, India, Antigravity, Scada, Aaran Leyland… – SWN #534
Application security
Making TN Critical Infrastructure the Most Secure in the Nation – T. Gwyddon ‘Data’ Owen, James Cotter – ASW #359

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Evolving fake resume campaign leads to RedLoader, ransomware infection

Laura FrenchDecember 5, 2025

A threat group known as GOLD BLADE is evolving its tactics to deploy RedLoader and QWCrypt.

Explore the realm of cyber security with advanced technology concepts focusing on protection, detection, and identity verification, enhanced by robotics and innovation.

Cybersecurity startup 7AI raises record $130M to scale agentic AI

Stephen WeigandDecember 5, 2025

7AI’s record funding underscores rising confidence in agentic AI to transform security operations.

Threat Intelligence

China-linked threat actor WARP PANDA targets US entities with BRICKSTORM

Laura FrenchDecember 5, 2025

The group targets VMware vCenter environments, gaining initial access through edge devices.

Data transfer high speed data network binary code, ai automation, cybersecurity background. Data transmission through a fiber optic cable cyber design, parallel track universe. Binary tube tunnel.

Application security

MCP servers emerge as new supply chain risk as real attacks accelerate

OWASP GenAI Security Project Team December 5, 2025

Recent MCP breaches show how privileged servers enable data theft, stressing need for strict controls.

Digital computer screen with system error messages and cyber attack warning representing online hacking and data breach

Ransomware attack on Marquis Software Solutions targeted 74 banks

Steve ZurierDecember 4, 2025

Data from over 400,000 users stolen in a ransomware attack on SonicWall firewall.

Application security

CISA issues joint guidance on secure use of AI in OT systems

Laura FrenchDecember 4, 2025

The document outlines four key principles to follow when considering AI use in OT.

Urgent Mobile Notifications Alert Icons for UIUX Design App Development

Application security

India backs off from requiring government-made security app

Steve ZurierDecember 3, 2025

Experts preferred EU approach of mandating security outcomes on vendors versus a government app.

(Credit: Thaspol – stock.adobe.com)

Claude Agent Skills could be used to deploy malware, researchers say

Laura FrenchDecember 3, 2025

An attacker could distribute a malicious Skill that quietly retrieves external scripts.

EVENTS