5 December 2025


Critical vulnerabilities in React Server Components widely used in cloud environments | Cyber Intelligence Briefing: December 5, 2025


Top news stories this week

  1. Don’t over-React. Maximum severity vulnerabilities in React and Next.js disclosed.
  2. Illuminating. Regulatory agencies tighten security rules following major data breaches. 
  3. Access excess. South Korean retailer Coupang faces investigation after breach affecting 33 million users.
  4. Golden takedown. Scam Center Strike Force powers activate.
  5. The seven-year switcheroo. Rogue browser extensions receive malicious updates years later. 
  6. Exposed. Researchers reveal how North Korean criminals lure engineers to rent identities in fake IT worker scheme.
  7. Tumbled. Cryptocurrency-mixing service taken down in joint Swiss-German operation. 

1. Critical vulnerabilities in React Server Components widely used in cloud environments 

Researchers have discovered critical vulnerabilities in React Server Components, a widely used architecture in enterprise networks. There are estimates that as many as 40% of cloud environments could be impacted by the flaw, dubbed ‘react2shell’. React has clarified the specific conditions under which an application is vulnerable, and many other vendors have already shipped patches and mitigations. Cloudflare briefly caused outages across the internet as it implemented a fix for the vulnerability.

So what?

Organizations should confirm whether they are running a vulnerable, internet-facing version of React v19 or Next.js, and patch immediately if so.

[Researcher: James Tytler]


2. Regulatory agencies tighten security rules following major data breaches

The US Federal Trade Commission will require Illuminate Education to adopt a comprehensive security program following its 2021 data breach, including a mandate to delete unnecessary data and stop misrepresenting security practices.  

Separately, Comcast agreed to pay USD 1.5 million to resolve an FCC investigation into a vendor breach that exposed data from roughly 237,000 customers. 

So what?

Regulators are increasingly imposing strict penalties and compliance mandates on organizations that fail to implement basic security controls. Neglecting proactive measures can lead to costly settlements, as well as reputational damage. 

[Researcher: Tlhalefo Dikolomela]


3. Coupang faces investigation after a data breach affecting around 33 million users 

South Korea's retail giant Coupang has suffered a data breach affecting around 65% of the country's population. The breach allegedly occurred after a former employee leaked sensitive data. The company failed to revoke the engineer’s access rights upon resignation, even though he had worked on the system’s authentication protocol. South Korea’s president has called for punitive fines and a formal investigation.

So what?

Organizations must ensure that there are processes in place to revoke access rights of employees who no longer need to use company systems.  

[Researcher: Milda Petraityte]


4. Scam Center Strike Force powers activate. 

The recently formed US Department of Justice’s Scam Center Strike Force deployed FBI agents to Bangkok, working alongside the Royal Thai Police Force, stepping up its actions against scam compounds across Southeast Asia. Separately, the Thai government announced that it had seized assets in excess of USD 300 million and issued arrest warrants for 42 people.

So what?

International cooperation by law enforcement is encouraging, but companies and individuals should remain vigilant against scams.

[Researcher: Lester Lim]


5. Rogue browser extensions receive malicious updates years later 

A long-running campaign by Chinese threat actors has quietly turned once-benign browser extensions into spyware and backdoors, infecting 4.3 million users of Google Chrome and Microsoft Edge. Browser extensions originally published as seemingly legitimate productivity tools received malicious updates granting full browser surveillance rights, injecting malware, and exfiltrating browsing data. In some cases, extensions labelled “Featured” or “Verified” were updated years later to become malicious.

So what?

This news highlights the need for organizations to control not only software installations but also browser extension installations on user devices.

[Researcher: Steve Ross]


6. North Korean criminals lure engineers to act as frontmen in IT worker scheme 

Security researchers have exposed the tactics of a Lazarus Group subunit running the North Korean IT worker scheme. Researchers created honeypot traps, using sandboxed virtual machines to gather live intelligence about their methods and tactics, and even captured photographs of the operatives at work. One tactic observed by the researchers involved the criminals recruiting legitimate engineers and convincing them to attend technical interviews as a front for the North Koreans. 

So what?

Due diligence on remote IT workers is essential both pre- and post-employment. Companies should leverage the indicators of compromise (IOCs) from this research to strengthen defenses against insider threats.

[Researcher: Jenny Eysert]


7. Cryptocurrency-mixing service taken down in joint Swiss-German operation 

Cryptomixer, a cryptocurrency-mixing service believed to be used by cybercriminals to launder over USD 1.3 billion in Bitcoin since 2016, has been taken down in a joint Swiss-German operation supported by Europol and Eurojust.

So what?

This takedown follows a similar joint Europol and US operation that shut down ChipMixer in 2023, at the time the largest money laundering facility on the dark web. These operations are important in disrupting criminal operations. 

[Researcher: Rosie McKeown]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
