A global coalition led by Microsoft and Europol has dismantled the Tycoon 2FA phishing-as-a-service platform, a major criminal enterprise that enabled attackers to bypass multi-factor authentication and compromise nearly 100,000 organisations worldwide.
Jensen Huang's GTC 2026 reframed the AI race entirely: agentic AI, physical intelligence, orbital data centres and self-driving platforms have replaced benchmark wars. On the All-In podcast he tackled AI's PR crisis head-on. NVIDIA is building the infrastructure backbone of the next global economy.
Stryker is rebuilding after a cyberattack that wiped about 80,000 devices via a compromised Intune admin account, with up to 50TB of data reportedly exfiltrated. As US systems face similar probes, Australia is exposed, increasing pressure on boards to tighten cyber controls and readiness.
Critical React flaw React2Shell is under active state sponsored exploitation, allowing unauthenticated remote code execution across thousands of web apps. ACSC and US CISA have issued urgent warnings, calling on Australian organisations to patch immediately.
A newly disclosed critical vulnerability in the global React JavaScript ecosystem is now under active exploitation by state-linked threat actors, triggering urgent alerts from cybersecurity agencies worldwide, including Australia’s Cyber Security Centre (ACSC).
The flaw, formally tracked as CVE-2025-55182 and dubbed “React2Shell”, enables unauthenticated remote code execution (RCE) via unsafe deserialisation in React Server Components. In simple terms, attackers can take full control of affected servers without credentials or user interaction. Researchers say exploitation is “trivial” and successful in most default configurations.
The vulnerability was added to the US CISA Known Exploited Vulnerabilities catalogue on December 5, confirming real-world attacks. Australia’s ACSC followed with a critical national alert, warning businesses and government agencies to act immediately.
Threat intelligence firms including Wiz and Amazon have confirmed that multiple Chinese state-nexus threat groups began exploiting the flaw within hours of its public disclosure. Identified activity includes credential theft, malware deployment using Cobalt Strike and Sliver, and large-scale cryptomining.
The risk exposure is substantial. Researchers estimate that up to 39 per cent of cloud environments contain vulnerable libraries, while more than 77,000 internet-facing IP addresses remain exposed globally. At least 30 organisations are already confirmed as compromised.
The flaw affects multiple React Server packages and several versions of Next.js, a framework widely used by Australian enterprises across fintech, e-commerce, media, healthcare and government digital services.
Security leaders are unequivocal. The React team has issued urgent guidance to upgrade all affected packages immediately, while industry experts warn that automated mass exploitation is already underway.
This is not a technical edge case. React underpins a significant portion of the modern internet, from banking portals and trading platforms to government services and national retailers. A remotely exploitable flaw at this scale represents a systemic cyber risk, not just an IT issue.
For Australian businesses, the implications are immediate and commercial. Any organisation running exposed React or Next.js applications now faces potential data breaches, operational shutdowns, ransomware events, regulatory penalties and brand damage. Given the ease of exploitation, this vulnerability dramatically lowers the barrier for both state-based and criminal attackers.
The confirmed involvement of state-sponsored actors also elevates the threat beyond routine cybercrime. It signals that this flaw is already being tested for espionage, strategic access and pre-positioning in critical infrastructure environments. That places pressure on boards, regulators and cyber insurers alike.
From a governance perspective, this event reinforces a harsh reality of modern software supply chains. A vulnerability in a shared open-source component can instantly cascade across thousands of organisations, regardless of size or sector. It underlines why patch management, real-time vulnerability monitoring and executive-level cyber oversight are now matters of business resilience, not technical hygiene.
For Australia specifically, the ACSC’s rare “critical” classification reflects the potential for national-scale impact. Financial services, healthcare, logistics and media platforms are all at heightened risk due to their heavy reliance on React-based architectures.
In short, React2Shell is a textbook example of how a single software flaw can become a global economic and security event within days. Organisations that delay patching now are not just accepting technical risk, they are assuming strategic, legal and financial exposure in one of the most active cyber threat environments seen in years.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A global coalition led by Microsoft and Europol has dismantled the Tycoon 2FA phishing-as-a-service platform, a major criminal enterprise that enabled attackers to bypass multi-factor authentication and compromise nearly 100,000 organisations worldwide.
Stryker is rebuilding after a cyberattack that wiped about 80,000 devices via a compromised Intune admin account, with up to 50TB of data reportedly exfiltrated. As US systems face similar probes, Australia is exposed, increasing pressure on boards to tighten cyber controls and readiness.
Google has issued an emergency patch for a high-severity zero-day (CVE-2026-3910) in its V8 JavaScript engine, which is being actively exploited in the wild. The flaw allows arbitrary code execution, posing a significant risk to billions of Chrome users globally, including in Australia.
Singtel executives fronted a Senate inquiry, categorically denying explosive allegations that a secret ransom was paid to hackers following the massive 2022 Optus data breach that exposed personal information of 9.8 million Australians, amid ongoing inquiry into the telco's operational failures.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
