Security briefing: December 2025
ID: efd80b9a-b17e-55c2-8015-b26327ceb9b0
STIX ID: report--efd80b9a-b17e-55c2-8015-b26327ceb9b0
Feed Name: Sysdig Blog
December 2025 security roundup. Multiple high-risk incidents surfaced this month: React2Shell (CVE-2025-55182), an unauthenticated RCE with a public PoC; active exploitation of MongoBleed (CVE-2025-14847), affecting many MongoDB instances; the BRICKSTORM backdoor, used by state-linked actors to target Linux cloud environments and steal credentials; and the discovery of EtherRAT, a sophisticated blockchain-based C2 implant tied to React2Shell exploits. The month also saw an ESA source-code breach and significant DDoS disruption in France. The report urges prompt patching, deployment of IOCs/detections, stronger authentication and segmentation, and increased monitoring for anomalous activity.
