Risky Business Podcast
December 10, 2025
Risky Business #818 -- React2Shell is a fun one
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- There’s a CVSS 10/10 remote code exec in the React JavaScript server. JS server? U wot mate?
- China is out popping shells with it
- Linux adds support for PCIe bus encryption
- Amnesty International says Intellexa can just TeamViewer into its customers’ surveillance systems
- …and a Belgian murder suspect complains that GrapheneOS’s duress wipe feature failed him?
This week’s episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll’s Cyber and Data Resilience arm, and he discusses a problem near to many of our hearts. Just how do you explain cyber risk to the board?
This episode is also available on YouTube.
Show notes
Risky Bulletin: APTs go after the React2Shell vulnerability within hours - Risky Business Media
Guillermo Rauch on X: "React2Shell" / X
Hydrogen: Shopify’s headless commerce framework
Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers
Sean Plankey nomination to lead CISA appears to be over after Thursday vote | CyberScoop
Is ransomware finally on the decline? Treasury data offers cautious hope | CyberScoop
UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop
In comedy of errors, men accused of wiping gov databases turned to an AI tool - Ars Technica