

🔐 This Week’s Securityish Brief
React2Shell vulnerability (CVE-2025-55182) compromises 30+ organizations and 77,000 IPs
Microsoft patches long-exploited Windows LNK vulnerability (CVE-2025-9491)
Inotiv reports data breach affecting 9,542 people after ransomware attack
DragonForce Ransomware group offers 80% profit share to affiliates — signalling a surge in organized ransomware campaigns
React2Shell vulnerability hits wide
Threats & Incidents

🔐 The Securityish Brief: A critical flaw in React Server Components, tracked as CVE-2025-55182 and dubbed React2Shell, has exposed more than 77,000 internet-facing IP addresses and led to breaches at over 30 organizations.
🔍 The Breakdown:
The vulnerability allows unauthenticated remote code execution through a single HTTP request.
Attackers — including state-linked groups — began actively exploiting the flaw shortly after disclosure.
Affected frameworks include React Server Components and popular tools like Next.js.
The scale is large: tens of thousands of IPs and potentially millions of vulnerable services globally.
📢 Why it matters: This vulnerability shows how a single flaw in widely used web frameworks can ripple across thousands of organizations — potentially exposing data, compromising servers, or allowing attackers to take control. Websites and services people use every day may be at risk if they aren’t patched.
🛡️ What You Should Do: Ensure any web apps, services, or hosting platforms you use are updated to versions that patch CVE-2025-55182. If you manage or use services built on React or Next.js, check with your provider or site admin to confirm updates. Avoid using outdated deployments until they are secured.
In Partnership With
The Nonprofit Stack

🔐 The Securityish Brief: Nonprofits are wasting time and resources on scattered, outdated tools that block mission-driven work.
🔍 The Breakdown:
Most nonprofits juggle disconnected systems for fundraising, programs, outreach, and operations.
Teams lose hours fixing data issues, reconciling spreadsheets, and recovering missing information.
Silos make it hard to understand donors, measure impact, or share insights across the organization.
Inefficient tech slows growth and drains capacity where it matters most.
📢 Why it matters: Your mission deserves better than duct-taped tools. Visit The Nonprofit Stack to discover how a unified, modern platform can streamline your workflows, strengthen collaboration, and help your organization achieve more with less.
Microsoft patches long-ignored LNK flaw
Threats & Incidents

🔐 The Securityish Brief: Microsoft’s recent Windows update addressed CVE-2025-9491, a vulnerability in LNK (shortcut) file handling that had been exploited for years to run malicious code without users knowing.
🔍 The Breakdown:
The flaw let attackers hide dangerous commands inside .LNK files using whitespace tricks, making them look harmless.
Exploitation dates back to 2017 and involved multiple state-linked hacker groups distributing malware like PlugX and XDigo.
The patch changes how shortcut target commands are displayed, aiming to prevent hidden malicious commands.
The flaw had a CVSS rating of 7.8, making it a serious security risk until addressed.
📢 Why it matters: Many of us use Windows daily and open shortcuts without thinking twice. This patch removes a stealthy mechanism hackers used for years to infect systems. If you skipped updates — or don’t pay attention to shortcut warnings — you may have been vulnerable.
🛡️ What You Should Do: Make sure your Windows system has the latest updates installed. Be cautious with .LNK files received via email or downloaded from untrusted sites. Avoid opening shortcuts unless you’re sure of their origin.
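To make the "whitespace trick" concrete from the defender's side, here is an added example (not from the newsletter or from Microsoft) that parses the MS-SHLLINK string data of a .LNK file, pulls out the COMMAND_LINE_ARGUMENTS field, and flags shortcuts whose arguments begin with a long run of whitespace, which is what keeps the real command out of the visible part of the Properties dialog. The PAD_THRESHOLD value and the build_sample_lnk fixture are assumptions made for this example; the fixture is a constructed minimal shortcut for testing the parser, not a shortcut taken from any real campaign.

```python
import struct

HEADER_SIZE = 0x4C  # ShellLinkHeader is always 76 bytes (MS-SHLLINK)
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}, little-endian
HAS_ID_LIST, HAS_LINK_INFO, HAS_ARGUMENTS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
STRING_DATA_BITS = (0x04, 0x08, 0x10, 0x20, 0x40)  # NAME, RELATIVE_PATH, WORKING_DIR, ARGUMENTS, ICON_LOCATION
PAD_THRESHOLD = 16  # assumption: more leading whitespace than this in the arguments is worth flagging
WS = " \t\r\n\v\f"

def parse_lnk_arguments(data: bytes):
    """Return the COMMAND_LINE_ARGUMENTS string from a .LNK, or None if the file carries none."""
    header_size = struct.unpack_from("<I", data, 0)[0]
    flags = struct.unpack_from("<I", data, 20)[0]
    if header_size != HEADER_SIZE or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    pos = header_size
    if flags & HAS_ID_LIST:  # LinkTargetIDList: 2-byte IDListSize followed by the item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfo: its first 4 bytes hold the total LinkInfoSize
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    args = None
    for bit in STRING_DATA_BITS:  # StringData blocks appear in this fixed order when present
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, no terminator
        pos += 2
        size = count * 2 if unicode else count
        text = data[pos:pos + size].decode("utf-16-le" if unicode else "cp1252")
        pos += size
        if bit == HAS_ARGUMENTS:
            args = text
    return args

def leading_whitespace(args: str) -> int:
    """Number of whitespace characters padding the front of the argument string."""
    return len(args) - len(args.lstrip(WS))

def is_padded(data: bytes) -> bool:
    """Flag a .LNK whose arguments start with enough whitespace to push the real command out of view."""
    args = parse_lnk_arguments(data)
    return args is not None and leading_whitespace(args) > PAD_THRESHOLD

def build_sample_lnk(args: str) -> bytes:
    """Constructed test fixture: a minimal Unicode .LNK with only RELATIVE_PATH and arguments set."""
    flags = 0x08 | HAS_ARGUMENTS | IS_UNICODE  # HasRelativePath | HasArguments | IsUnicode
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    def sd(s: str) -> bytes:  # one StringData block: CountCharacters + UTF-16LE text
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + sd("app.exe") + sd(args)

if __name__ == "__main__":
    for sample in (build_sample_lnk("/silent"), build_sample_lnk(" " * 300 + "/silent")):
        print(leading_whitespace(parse_lnk_arguments(sample)), is_padded(sample))
```

Run against a real shortcut with `is_padded(open(path, "rb").read())`; a large leading_whitespace count on a shortcut received by email is a strong reason to quarantine it rather than open it.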
Inotiv breach exposes data of nearly 10,000 people
Threats & Incidents

🔐 The Securityish Brief: Inotiv, a pharmaceutical research firm, disclosed that a ransomware attack it suffered in August 2025 resulted in a data breach affecting 9,542 individuals.
🔍 The Breakdown:
The attack was carried out by the Qilin ransomware group, which exfiltrated over 162,000 files amounting to 176 GB.
The stolen data appears to include records related to employees and potentially others connected to the firm.
Inotiv has restored network access and is notifying those impacted, but details about exactly what types of personal data were exposed remain limited.
The breach underscores risks even for large, well-resourced firms: being targeted by ransomware groups remains a real threat.
📢 Why it matters: If you are or were associated with Inotiv — as an employee, contractor, or relative — your personal information could be exposed. For the broader public, this breach illustrates that ransomware doesn’t only hit small companies or careless businesses. Sensitive personal data can be at risk from well-organized cybercrime.
🛡️ What You Should Do: If you believe you may have been impacted, monitor any email or account activity carefully. Consider changing passwords and enabling multi-factor authentication wherever possible. Be alert for phishing emails that may try to exploit this breach.
DragonForce announces major profit-sharing scheme
Threats & Incidents

🔐 The Securityish Brief: Cyber-crime group DragonForce has declared it will give 80% of ransomware profits to its affiliates, a move that could substantially increase the number and scale of future attacks.
🔍 The Breakdown:
DragonForce’s shift to profit-sharing aims to attract more affiliates and expand its reach into Western countries and Australia.
The group upgraded its infiltration tools to bypass security measures more effectively.
The tactic mirrors that of other organized ransomware operations that rely on affiliates to deploy malicious payloads.
Experts warn this could lead to a rise in phishing-led ransomware attacks and broaden the pool of potential targets.
📢 Why it matters: This profit-share model shows how ransomware is increasingly structured like a business, with many hands involved. That means more attacks, and potentially more victims — from small businesses to individuals — as cyber-criminals seek easier profit via affiliates. It broadens the threat landscape for everyone.
🛡️ What You Should Do: Be particularly cautious with unexpected emails or links. Enable multi-factor authentication (MFA) on important accounts. Regularly back up your data so you’re prepared in case of ransomware.
💡 Tip Of The Week
Use a password manager to create strong, unique passwords for each account — it reduces risk if one of your accounts is exposed.
🧠 Key Terms & Concepts
Remote code execution — when attackers can run commands on a system remotely, like through a vulnerable web framework or file.
.LNK file — a Windows shortcut file that can be manipulated to hide malicious commands.
Ransomware-as-a-Service (RaaS) - when cybercriminals offer ransomware tools to affiliates, spreading attacks widely and quickly.
Patch / update — a software fix that closes security vulnerabilities; applying patches promptly helps prevent known exploits.
