December 10, 2025

Risky Business #818 -- React2Shell is a fun one

Listen Later

58 minutes

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

There’s a CVSS 10/10 remote code exec in the React javascript server. JS server? U wot mate?

China is out popping shells with it

Linux adds support for PCIe bus encryption

Amnesty International says Intellexa can just TeamViewer into its customers’ surveillance systems

…and a Belgian murder suspect complains that GrapheneOS’s duress wipe feature failed him?

This week’s episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll’s Cyber and Data Resilience arm, and he discusses a problem near to many of our hearts. Just how do you explain cyber risk to the board?

This episode is also available on Youtube.

Show notes

Risky Bulletin: APTs go after the React2Shell vulnerability within hours - Risky Business Media

Guillermo Rauch on X: "React2Shell" / X

React2Shell-CVE-2025-55182-original-poc/README.md at main · lachlan2k/React2Shell-CVE-2025-55182-original-poc · GitHub

Hydrogen: Shopify’s headless commerce framework

Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS | The Record from Recorded Future News

Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary

Three hacking groups, two vulnerabilities and all eyes on China | The Record from Recorded Future News

Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

Sean Plankey nomination to lead CISA appears to be over after Thursday vote | CyberScoop

🕳 on X: "This guy is complaining that GrapheneOS “failed him”. Showing a Belgian 🇧🇪 police request for an interrogation regarding premeditated murder (as a suspect)." / X

Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say | TechCrunch

To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab

Is ransomware finally on the decline? Treasury data offers cautious hope | CyberScoop

UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop

In comedy of errors, men accused of wiping gov databases turned to an AI tool - Ars Technica

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

364364 ratings

December 10, 2025

Risky Business #818 -- React2Shell is a fun one

Listen Later

58 minutes

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

There’s a CVSS 10/10 remote code exec in the React javascript server. JS server? U wot mate?

China is out popping shells with it

Linux adds support for PCIe bus encryption

Amnesty International says Intellexa can just TeamViewer into its customers’ surveillance systems

…and a Belgian murder suspect complains that GrapheneOS’s duress wipe feature failed him?

This week’s episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll’s Cyber and Data Resilience arm, and he discusses a problem near to many of our hearts. Just how do you explain cyber risk to the board?

This episode is also available on Youtube.

Show notes

Risky Bulletin: APTs go after the React2Shell vulnerability within hours - Risky Business Media

Guillermo Rauch on X: "React2Shell" / X

React2Shell-CVE-2025-55182-original-poc/README.md at main · lachlan2k/React2Shell-CVE-2025-55182-original-poc · GitHub

Hydrogen: Shopify’s headless commerce framework

Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS | The Record from Recorded Future News

Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary

Three hacking groups, two vulnerabilities and all eyes on China | The Record from Recorded Future News

Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

Sean Plankey nomination to lead CISA appears to be over after Thursday vote | CyberScoop

🕳 on X: "This guy is complaining that GrapheneOS “failed him”. Showing a Belgian 🇧🇪 police request for an interrogation regarding premeditated murder (as a suspect)." / X

Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say | TechCrunch

To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab

Is ransomware finally on the decline? Treasury data offers cautious hope | CyberScoop

UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop

In comedy of errors, men accused of wiping gov databases turned to an AI tool - Ars Technica

...more

More shows like Risky Business

Hacked by Hacked

Hacked

190 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,010 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

370 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

653 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,023 Listeners

Smashing Security by Graham Cluley

Smashing Security

318 Listeners

Click Here by Recorded Future News

Click Here

419 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,047 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

181 Listeners

Hacking Humans by N2K Networks

Hacking Humans

313 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

138 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

168 Listeners