Critical Vulnerabilities and Threats in Cybersecurity

In this episode of ‘Cybersecurity Today,’ host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by ‘Shady Panda,’ which used browser extensions to harvest data, and an unexpected failure by Google’s AI tool that led to the deletion of a developer’s hard drive.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that’s built for performance and scale.

You can find them at Meter.com/cst

00:00 Introduction and Sponsor Message
00:48 React Vulnerability: React2Shell
03:13 Microsoft’s Long-Standing Shortcut Flaw
04:50 Evilginx: Bypassing MFA in Education
06:59 Shady Panda’s Malicious Extensions
09:13 Google’s AI Mishap: Developer’s Hard Drive Wiped
11:01 Conclusion and Final Thoughts