Breach Roundup: React Flaw Incites Supply Chain Risk

Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for 'Evil Twin' Hack Pooja Tikekar (@PoojaTikekar) • December 4, 2025

Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, cyber defenders scrambled to patch a React framework flaw, Microsoft quietly fixed a long-abused Windows shortcut flaw, a watchdog said Defense Secretary Pete Hegseth endangered a military operation, North Korean actors expanded their npm "Contagious Interview" campaign. An Australian IT worker was jailed for airport Wi-Fi "evil twin" crimes. The U.S. Federal Trade Commission is reimbursing $15.3 million to Avast users and a London city council confirmed attackers stole data.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

Developers behind one of the most commonly used web application frameworks patched a maximum severity vulnerability that allows unauthenticated remote code execution.

The vulnerability, tracked as CVE-2025-55182, affects all versions of the ...