Top stories.
- Apple and Google patch actively exploited zero-days.
- Threat actors continue targeting React2Shell.
- France's Ministry of the Interior discloses cyberattack.
Apple and Google patch actively exploited zero-days.
Apple and Google have both released emergency patches to fix actively exploited zero-day flaws, the Register reports. Apple issued updates for iOS, iPadOS, and macOS to patch two flaws in WebKit that may have been exploited in an "extremely sophisticated attack against specific targeted individuals." Google issued a Chrome Stable channel update to fix several vulnerabilities, including a high-severity flaw (CVE-2025-14174) that's being exploited in the wild.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added the Chrome flaw to its Known Exploited Vulnerabilities (KEV) Catalog, noting that "[t]his type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise." CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to patch the flaw by January 2nd.
Threat actors continue targeting React2Shell.
Google's Threat Intelligence Group (GTIG) warns of widespread exploitation of React2Shell (CVE-2025-55182), a maximum-severity remote code execution vulnerability in React Server Components. Multiple China-nexus groups began exploiting the vulnerability within hours of its disclosure on December 3rd, and Google has since observed Iranian threat actors and cybercriminal gangs targeting the flaw. Sysdig also warned last week that North Korean actors are deploying new malware via React2Shell.
Google urges organizations to patch vulnerable React Server Components as soon as possible.
France's Ministry of the Interior discloses cyberattack.
France's Ministry of the Interior has confirmed that it sustained a cyberattack that compromised its email servers, BleepingComputer reports. Interior Minister Laurent Nuñez stated on RTL Radio (translated from French), "There was indeed a cyberattack. An attacker was able to access a number of files. So we implemented the usual protection procedures. It could be foreign interference, it could be people who want to challenge the authorities and show that they are capable of accessing systems, and it could also be cybercrime. At this point, we don't know what it is."