SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln (#)
SANS Internet Storm Center's Daily Network Security News Podcast · Johannes B. Ullrich
December 8, 20255m 35s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln AutoIT3 Compiled Scripts Dropping Shellcodes Malicious AutoIT3 scripts are usign the "FileInstall" function to include additional scripts at compile time that are dropped as temporary files during execution. https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542 React2Shell Update The race is on to patch vulnerable systems. Various groups are aggressively scanning the internet with different exploit variants. Some attempt to bypass WAFs. https://blog.cloudflare.com/5-december-2025-outage/ https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/ Apache Tika XXE Flaw Apache's Tika library patched a XXE flaw. https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k keywords: apache; tika; react; autoit3; autoit;