The Blue Team Review

Author at AgentSOC

Published Posts

20 posts

CybersecurityDec 16, 2025

React2Shell Vulnerability Actively Exploited to Deliver Linux Backdoors

The security issue referred to as React2Shell is actively abused by threat actors as an initial access vector…

Network SecurityDec 16, 2025

Fortinet FortiGate Under Active Attack Via SAML SSO Authentication Bypass

Adversaries are now actively exploiting two recently disclosed vulnerabilities in Fortinet FortiGate devices, with exploitation beginning less than…

Software DevelopmentDec 16, 2025

Why Data Security and Privacy Must Start at the Code Level

AI-assisted development and AI app generation platforms are driving a sharp increase in both the number of applications…

CybersecurityDec 16, 2025

Amazon Reveals Years-Long GRU Campaign Targeting Energy and Cloud Infrastructure

Cloud Security / Vulnerability Amazon’s threat intelligence team has disclosed details of a multi‑year Russian state-aligned operation that…

CryptocurrencyDec 16, 2025

Malicious NuGet Package Impersonates Tracer.Fody and Steals Cryptocurrency Wallet Data

Cybersecurity / Cryptocurrency AgentSOC researchers are tracking a malicious NuGet package that typosquats and impersonates a widely used…

Cloud SecurityDec 16, 2025

Compromised IAM Credentials Power a Large AWS Cryptocurrency Mining Campaign

An active cloud abuse campaign is hitting Amazon Web Services (AWS) tenants by abusing stolen Identity and Access…

CybersecurityDec 16, 2025

ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — plus 20 More Stories

This week’s developments highlight how quickly routine digital activity can intersect with real operational risk. Adversaries are pushing…

Cloud SecurityDec 16, 2025

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Ongoing Attacks

A high-severity, still-unpatched vulnerability in Gogs is being actively exploited in the wild, with over 700 compromised internet-facing…

CybersecurityDec 16, 2025

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor

An advanced persistent threat (APT) tracked as WIRTE has been linked to intrusions against government and diplomatic networks…

Identity and Access ManagementDec 16, 2025

How Robotic Process Automation (RPA) Shapes Identity and Access Management

As enterprises mature their approaches to managing Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a key…

CybersecurityDec 16, 2025

NANOREMOTE Malware Uses Google Drive API for Covert C2 on Windows Systems

Cyber Espionage / Windows Security Security researchers have analyzed a fully-featured Windows backdoor dubbed NANOREMOTE that abuses the…

Server SecurityDec 16, 2025

CISA Adds Actively Exploited GeoServer XXE Flaw (CVE-2025-58360) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability in OSGeo GeoServer to its…

CybersecurityDec 16, 2025

React2Shell Exploitation Escalates to Large-Scale Global Attacks, Forcing Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to remediate the recent React2Shell vulnerability…

Software SecurityDec 16, 2025

New React Server Components Vulnerabilities Enable DoS and Source Code Exposure

The React maintainers have shipped patches for two additional classes of vulnerabilities in React Server Components (RSC) that,…

Artificial IntelligenceDec 16, 2025

Securing GenAI in the Browser: Effective Policy, Isolation, and Data Controls

The browser is now the primary access point to GenAI for most organizations: from web-based LLMs and copilots,…

CybersecurityDec 16, 2025

New AI-Driven Phishing Kits Use MFA Bypass Tactics to Steal Credentials at Scale

Security researchers are tracking four new phishing kits – BlackForce, GhostFrame, InboxPrime AI, and Spiderman – that are…

SecurityDec 16, 2025

Apple Releases Security Updates After Two WebKit Flaws Exploited in the Wild

Apple has shipped security fixes for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari to close two WebKit…

Network SecurityDec 16, 2025

CISA Adds Actively Exploited Sierra Wireless AirLink Router Flaw Enabling Remote Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability in Sierra Wireless AirLink ALEOS…

CybersecurityDec 16, 2025

Browser Extension Risk Guide in the Wake of the ShadyPanda Campaign

In early December 2025, security researchers detailed a long-running cybercrime campaign that had quietly turned popular Chrome and…

SecurityDec 16, 2025

FreePBX Patches Critical SQLi, File Upload, and AUTHTYPE Bypass Flaws That Enable Remote Code Execution

Multiple security issues have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical…

The Blue Team Review

Published Posts

React2Shell Vulnerability Actively Exploited to Deliver Linux Backdoors

Fortinet FortiGate Under Active Attack Via SAML SSO Authentication Bypass

Why Data Security and Privacy Must Start at the Code Level

Amazon Reveals Years-Long GRU Campaign Targeting Energy and Cloud Infrastructure

Malicious NuGet Package Impersonates Tracer.Fody and Steals Cryptocurrency Wallet Data

Compromised IAM Credentials Power a Large AWS Cryptocurrency Mining Campaign

ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — plus 20 More Stories

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Ongoing Attacks

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor

How Robotic Process Automation (RPA) Shapes Identity and Access Management

NANOREMOTE Malware Uses Google Drive API for Covert C2 on Windows Systems

CISA Adds Actively Exploited GeoServer XXE Flaw (CVE-2025-58360) to KEV Catalog

React2Shell Exploitation Escalates to Large-Scale Global Attacks, Forcing Emergency Mitigation

New React Server Components Vulnerabilities Enable DoS and Source Code Exposure

Securing GenAI in the Browser: Effective Policy, Isolation, and Data Controls

New AI-Driven Phishing Kits Use MFA Bypass Tactics to Steal Credentials at Scale

Apple Releases Security Updates After Two WebKit Flaws Exploited in the Wild

CISA Adds Actively Exploited Sierra Wireless AirLink Router Flaw Enabling Remote Code Execution

Browser Extension Risk Guide in the Wake of the ShadyPanda Campaign

FreePBX Patches Critical SQLi, File Upload, and AUTHTYPE Bypass Flaws That Enable Remote Code Execution

AgentSOC

Resources

Legal

Follow Us

The Blue Team Review

Published Posts

React2Shell Vulnerability Actively Exploited to Deliver Linux Backdoors

Fortinet FortiGate Under Active Attack Via SAML SSO Authentication Bypass

Why Data Security and Privacy Must Start at the Code Level

Amazon Reveals Years-Long GRU Campaign Targeting Energy and Cloud Infrastructure

Malicious NuGet Package Impersonates Tracer.Fody and Steals Cryptocurrency Wallet Data

Compromised IAM Credentials Power a Large AWS Cryptocurrency Mining Campaign

ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — plus 20 More Stories

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Ongoing Attacks

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor

How Robotic Process Automation (RPA) Shapes Identity and Access Management

NANOREMOTE Malware Uses Google Drive API for Covert C2 on Windows Systems

CISA Adds Actively Exploited GeoServer XXE Flaw (CVE-2025-58360) to KEV Catalog

React2Shell Exploitation Escalates to Large-Scale Global Attacks, Forcing Emergency Mitigation

New React Server Components Vulnerabilities Enable DoS and Source Code Exposure

Securing GenAI in the Browser: Effective Policy, Isolation, and Data Controls

New AI-Driven Phishing Kits Use MFA Bypass Tactics to Steal Credentials at Scale

Apple Releases Security Updates After Two WebKit Flaws Exploited in the Wild

CISA Adds Actively Exploited Sierra Wireless AirLink Router Flaw Enabling Remote Code Execution

Browser Extension Risk Guide in the Wake of the ShadyPanda Campaign

FreePBX Patches Critical SQLi, File Upload, and AUTHTYPE Bypass Flaws That Enable Remote Code Execution