
The democratisation of business email compromise fraud

ID: 0cb34398-5a57-5241-a241-df37544823d4

STIX ID: report--0cb34398-5a57-5241-a241-df37544823d4

Feed Name: Cisco Talos

Threat Score: 80/100

Date Published: 2026-04-02

Date Updated: 2026-04-27

Author: Martin Lee

This Cisco Talos newsletter summarizes multiple active security issues: a large-scale automated credential-harvesting campaign exploiting React2Shell (CVE-2025-55182) via a "NEXUS Listener"; active exploitation of an F5 BIG-IP RCE; a Chrome zero-day in the wild; an Amazon cloud account breach; ongoing Qilin ransomware activity; and published malware IOCs. It provides mitigation recommendations (patching, credential rotation, IMDSv2, tuned WAF/RASP, least-privilege controls) and warns that BEC scams are increasingly automated and targeting small organizations.
