Risky Business Weekly (818): React2Shell is a fun one
Author: Risky Business Media
Uploaded: 2025-12-09
Views: 744
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
There's a CVSS 10/10 remote code exec in the React JavaScript server. JS server? U wot mate?
China is out popping shells with it
Linux adds support for PCIe bus encryption
Amnesty International says Intellexa can just TeamViewer into its customers' surveillance systems
...and a Belgian murder suspect complains that GrapheneOS's duress wipe feature failed him?
This week's episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll's Cyber and Data Resilience arm, and he discusses a problem near to many of our hearts. Just how do you explain cyber risk to the board?
Show Notes:
Risky Bulletin: APTs go after the React2Shell vulnerability within hours - Risky Business Media
https://risky.biz/risky-bulletin-apts...
Guillermo Rauch on X: "React2Shell" / X
https://x.com/rauchg/status/199736294...
React2Shell-CVE-2025-55182-original-poc/README.md at main · lachlan2k/React2Shell-CVE-2025-55182-original-poc · GitHub
https://github.com/lachlan2k/React2Sh...
Hydrogen: Shopify’s headless commerce framework
https://hydrogen.shopify.dev/
Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS | The Record from Recorded Future News
https://therecord.media/researchers-t...
Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
https://www.crowdstrike.com/en-us/blo...
Three hacking groups, two vulnerabilities and all eyes on China | The Record from Recorded Future News
https://therecord.media/three-hacking...
Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers
https://risky.biz/risky-bulletin-linu...
Sean Plankey nomination to lead CISA appears to be over after Thursday vote | CyberScoop
https://cyberscoop.com/sean-plankey-c...
🕳 on X: "This guy is complaining that GrapheneOS “failed him”. Showing a Belgian 🇧🇪 police request for an interrogation regarding premeditated murder (as a suspect)." / X
https://x.com/sekurlsa_pw/status/1997...
Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say | TechCrunch
https://techcrunch.com/2025/12/04/san...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
https://securitylab.amnesty.org/lates...
Is ransomware finally on the decline? Treasury data offers cautious hope | CyberScoop
https://cyberscoop.com/ransomware-pay...
UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop
https://cyberscoop.com/uk-warns-ai-pr...
In comedy of errors, men accused of wiping gov databases turned to an AI tool - Ars Technica
https://arstechnica.com/information-t...