Threat round-up
Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.
Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.
This week’s curated collection shines a spotlight on the BRICKSTORM campaign, the latest on the React Server Components RCE vulnerability, and more.
BRICKSTORM campaign targets MSP credentials to compromise virtual infrastructures
A recently released joint advisory details a sophisticated BRICKSTORM malware campaign used by Chinese state-sponsored actors. The operation abuses valid MSP credentials to gain access to VMware vCenter, clone virtual machines, create rogue VMs, and extract sensitive keys from ADFS.
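The advisory summary above gives the behaviours a defender can hunt for in vCenter event data: an MSP's credentials used from an unexpected source, clones of the VMs that hold domain or ADFS keys, and new VMs stood up outside any change window. The script below is an added example written for this round-up, not Field Effect tooling and not from the joint advisory. It runs those three checks over a constructed sample of vCenter events; the field names, account names, IP allowlist, VM naming pattern and maintenance window are assumptions for the example and would be replaced with your own IdP, MSP contract and CMDB data.

```python
"""Hunt for BRICKSTORM-style vCenter abuse in exported event records.

Added example (not the advisory's or Field Effect's code). Event type names
follow vSphere's event manager (VmClonedEvent, VmCreatedEvent, ...); the
sample records and all allowlists below are constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, time
import re

# Constructed sample events. Keys mirror what you would pull from the vSphere
# event manager or a vCenter syslog export; every value here is invented.
SAMPLE_EVENTS = [
    {"time": "2025-12-02T02:14:07Z", "type": "UserLoginSessionEvent",
     "user": "MSPCORP\\svc-msp-backup", "ip": "203.0.113.45", "vm": None},
    {"time": "2025-12-02T02:16:30Z", "type": "VmClonedEvent",
     "user": "MSPCORP\\svc-msp-backup", "ip": "203.0.113.45",
     "vm": "ADFS01", "new_vm": "ADFS01-clone-1"},
    {"time": "2025-12-02T02:20:11Z", "type": "VmCreatedEvent",
     "user": "MSPCORP\\svc-msp-backup", "ip": "203.0.113.45", "vm": "vm-tmp-7"},
    {"time": "2025-12-02T02:21:00Z", "type": "VmPoweredOnEvent",
     "user": "MSPCORP\\svc-msp-backup", "ip": "203.0.113.45", "vm": "vm-tmp-7"},
    {"time": "2025-12-02T10:05:00Z", "type": "UserLoginSessionEvent",
     "user": "MSPCORP\\svc-msp-backup", "ip": "198.51.100.10", "vm": None},
    {"time": "2025-12-02T10:07:42Z", "type": "VmClonedEvent",
     "user": "CORP\\jsmith", "ip": "10.0.5.23", "vm": "WEB03", "new_vm": "WEB03-test"},
    {"time": "2025-12-02T22:30:00Z", "type": "VmCreatedEvent",
     "user": "CORP\\jsmith", "ip": "10.0.5.23", "vm": "WEB04"},
]

# Assumed environment knowledge: source these from your IdP, the MSP's
# published egress addresses, your change calendar and your CMDB.
MSP_ACCOUNTS = {"MSPCORP\\svc-msp-backup"}
MSP_ALLOWED_IPS = {"198.51.100.10"}
MAINTENANCE_WINDOW = (time(9, 0), time(18, 0))  # UTC hours when MSP changes are expected
# Assumed naming convention for VMs that hold domain, ADFS or PKI key material.
CREDENTIAL_HOST_PATTERN = re.compile(r"(adfs|^dc\d|^fs\d|pki)", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    user: str
    detail: str
    time: str


def in_window(ts: str) -> bool:
    """True if the UTC timestamp falls inside the agreed maintenance window."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").time()
    return MAINTENANCE_WINDOW[0] <= t <= MAINTENANCE_WINDOW[1]


def hunt(events):
    """Apply the three BRICKSTORM-derived rules and return the findings."""
    findings = []
    for ev in events:
        user = ev["user"]
        is_msp = user in MSP_ACCOUNTS
        # Rule 1: MSP credential used from an address the MSP does not own.
        if ev["type"] == "UserLoginSessionEvent" and is_msp and ev["ip"] not in MSP_ALLOWED_IPS:
            findings.append(Finding("msp-login-unexpected-source", user,
                                    f"login from {ev['ip']}", ev["time"]))
        # Rule 2: a VM holding key material was cloned (offline key extraction).
        if ev["type"] == "VmClonedEvent" and CREDENTIAL_HOST_PATTERN.search(ev["vm"] or ""):
            findings.append(Finding("clone-of-credential-host", user,
                                    f"{ev['vm']} -> {ev.get('new_vm')}", ev["time"]))
        # Rule 3: MSP account created a VM outside the change window (rogue VM).
        if ev["type"] == "VmCreatedEvent" and is_msp and not in_window(ev["time"]):
            findings.append(Finding("msp-vm-created-outside-window", user,
                                    f"created {ev['vm']}", ev["time"]))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.time} {f.rule:32} {f.user:28} {f.detail}")
```

On the constructed sample the run yields three findings, all attributable to the same MSP account in one early-morning session: a login from an address outside the MSP's egress set, a clone of ADFS01, and a VM created out of window. The point of keeping the rules separate is triage: rule 2 on its own is worth an immediate call to the MSP, whereas rules 1 and 3 are often benign until they coincide with it.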
React Server Components RCE: Impact on Next.js and ecosystem dependencies
On December 3, React and Next.js disclosed a maximum-severity RCE vulnerability in React Server Components (RSC). The flaw allows attackers to run arbitrary code on affected servers using a single malicious HTTP request—no authentication required.
Update #1: On December 4, several online posts began circulating what appeared to be proof-of-concept exploits, though most were assessed to be fake or incomplete. Our team conducted a comprehensive review of all our products and services and confirmed that none of our systems are affected.
Update #2: AWS reported observing threat groups actively exploiting the vulnerability in the wild. This escalation underscores the urgency of patching React and Next.js deployments ASAP.
CISA warns of Zenitel TCIV-3+ maximum-severity flaw
On November 25, CISA published an advisory detailing five vulnerabilities in Zenitel TCIV-3+ intercom firmware versions prior to 9.3.3.0. The flaws include three operating system command injection vulnerabilities caused by insufficient validation of user-supplied input, one cross-site scripting issue, and an out-of-bounds write. The vendor released the patched firmware, version 9.3.3.0, in October, before the advisory was published.
Subscribe to the Field Effect Threat Round-up Newsletter
Join thousands of cybersecurity professionals and MSPs who trust Field Effect’s Threat Round-up Newsletter for the latest cyber threat intelligence. Delivered every Monday morning, it brings you the week’s most important new flaws, patches, and security news right to your inbox.
Signing up to the newsletter makes you the first to know about:
- Comprehensive threat intelligence: Updates on the latest threat actors, vulnerabilities, and campaigns, including observed tactics, techniques, and procedures (TTPs).
- Expert analysis and context: Field Effect’s analysts break down the impact of critical flaws and emerging campaigns, helping you understand evolving threat behaviors.
- Actionable defense guidance: Receive practical security steps, patching tips, and indicators of compromise (IOCs) to strengthen your defenses and stay one step ahead.
- Exclusive research: Explore in-depth investigations from Field Effect's analysts, uncovering new threat campaigns, indicators of compromise, and attacker behaviors as they emerge.
Sign up today and stay one step ahead.