CulperSec

Critical security alert for organizations running React Server Components and modern frameworks that implement RSC (including Next.js, React Router, Expo, Waku, Redwood SDK, Vite/Parcel RSC and others).

The React team has disclosed CVE-2025-55182, a CVSS 10.0 unauthenticated remote code ex*****on vulnerability in React Server Components. Patched React and framework versions are now available and should be treated as an emergency upgrade, not a routine patch.

Read the official advisory and upgrade instructions:
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

CulperSec’s security engineering team is actively reviewing customer environments, and validating mitigations across our CulperIQ customers. If your organization needs help:

• Determining whether your apps are exposed
• Prioritizing and rolling out framework upgrades
• Adding monitoring and compensating controls around affected services

Contact us at [email protected] today

Critical Security Vulnerability in React Server Components – React The library for web and native user interfaces

🔒 Defending Healthcare & Infrastructure Against Interlock Ransomware 🔒

Ransomware is evolving—and the Interlock gang is leading the charge. From uncommon drive-by downloads and FileFix social-engineering to double-extortion data leaks, healthcare, pharma, manufacturing and critical infrastructure are at risk.

In our latest blog, discover:
• Why PHI and clinical research data are prime targets
• How operational downtime can cripple production and care
• The compliance imperatives under HIPAA and NIST CSF 2.0
• Challenges posed by novel Interlock TTPs (drive-by, FileFix, double extortion)
• How CulperSec's CulperIQ (Meridian SIEM + Aegis agent) empowers rapid detection, response and rollback

Don't wait for the next attack—fortify your defenses now. Read more: https://culpersec.com/blog/defending-against-interlock-ransomware

Voice cloning technology is no longer just a concern for the future – it's here, and it's accessible to scammers. In our latest blog post, we share how CulperSec is using AI voice cloning in pe*******on testing to help organizations fortify their defenses against this new threat. Don't miss out on these crucial insights! Read more: https://www.culpersec.com/blog/speaking-the-language-of-cyber-threats-voice-cloning-in-action

New Zero-Day Alert: CVE-2023-36884. A critical vulnerability is being exploited in the wild, putting businesses at risk. Learn about the threat, who's behind it, and the crucial steps your organization needs to take right now. https://www.culpersec.com/blog/urgent-advisory-unpatched-zero-day-cve-2023-36884-exploited

🔒Unlock the secrets to stronger cybersecurity and compliance in biotech, pharmaceuticals, and therapeutics! Learn how CulperSec can boost your security posture, simplify vendor risk, and win over auditors and investors. https://www.culpersec.com/blog/bridging-cybersecurity-and-compliance-with-culpersec

Are you prepared for Operational Due Diligence from Private Equity and Venture Capital partners? Learn how outsourcing IT and cybersecurity to a reputable provider like CulperSec can help you navigate the process and attract the right investment partners. Check out our latest blog post for more information! https://buff.ly/3DeeDcw

Learn why every organization needs a robust Patch Management program in our latest blog post! https://culpersec.com/patch-management-101-why-every-organization-needs-one/

Improve your security posture with some of our top IT security best practices! https://culpersec.com/general-it-security-best-practices-for-your-business/

On December 1st, the FBI and CISA released an Alert warning of an increase in "Cuba Ransomware" attacks, with the number of US entities impacted doubling since December 2021. The agencies recommend prioritizing known exploited vulnerabilities, training users to recognize phishing attempts and enabling phishing-resistant multi-factor authentication. More information on this alert can be found at: https://www.cisa.gov/uscert/ncas/alerts/aa22-335a

The "Bleed You" campaign is trying to take advantage of a known remote code ex*****on (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise. https://www.darkreading.com/threat-intelligence/cyber-threat-weak-windows-servers-bleed-you-campaign

When threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices to get their jobs done, which can increase risk and widen the attack surface. https://thehackernews.com/2022/07/the-new-weak-link-in-saas-security.html

Threat actors are leveraging a new zero-day vulnerability in Microsoft Office that allows an attacker to run untrusted code by creating a malicious document that uses the built in Windows MSDT feature. https://culpersec.com/microsoft-office-follina-zero-day-cve-2022-30190/