<br/> Maybe a Little Bit More Interesting React2Shell Exploit<br/> Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed.<br/> <a href="https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Interesting%20React2Shell%20Exploit/32578">https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Interesting%20React2Shell%20Exploit/32578</a><br/> UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager<br/> Cisco s Security Email Gateway and Secure Email and Web Manager patch an already-exploited vulnerability.<br/> <a href="https://blog.talosintelligence.com/uat-9686/">https://blog.talosintelligence.com/uat-9686/</a><br/> <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4</a><br/> SONICWALL SMA1000 APPLIANCE LOCAL PRIVILEGE ESCALATION VULNERABILITY<br/> A local privilege escalation vulnerability, which SonicWall patched today, is already being exploited.<br/> <a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019</a><br/> Google releases vulnerability details<br/> Google updated last week s advisory by adding a CVE to the mystery vulnerability and adding a statement that it affects WebGPU. No new patch was released.<br/> <a href="https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html">https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html</a><br/>