Sign up to save your podcasts
Or
Share SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln
AutoIT3 Compiled Scripts Dropping Shellcodes
Malicious AutoIT3 scripts are usign the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution.
https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542
React2Shell Update
The race is on to patch vulnerable systems. Various groups are aggressively scanning the internet with different exploit variants. Some attempt to bypass WAFs.
https://blog.cloudflare.com/5-december-2025-outage/
https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
Apache Tika XXE Flaw
Apache s Tika library patched a XXE flaw.
https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
View all episodes
By Johannes UllrichAutoIT3 Compiled Scripts Dropping Shellcodes
Malicious AutoIT3 scripts are usign the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution.
https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542
React2Shell Update
The race is on to patch vulnerable systems. Various groups are aggressively scanning the internet with different exploit variants. Some attempt to bypass WAFs.
https://blog.cloudflare.com/5-december-2025-outage/
https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
Apache Tika XXE Flaw
Apache s Tika library patched a XXE flaw.
https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k