Tech Bytes Logo Tech Bytes
Dillip Chowdary
Dillip Chowdary
Tech Entrepreneur & Innovator | December 8, 2025

IDEsaster: 30+ AI IDE Flaws + React2Shell Exploited + Android Security Patch

Today's Top Highlights

  • IDEsaster: 30+ vulnerabilities in Cursor, Copilot, Windsurf, and other AI IDEs
  • React2Shell: CVE-2025-55182 actively exploited by Chinese APT groups
  • Android December Bulletin: Critical framework vulnerabilities patched
  • ChrimeraWire: New Windows trojan manipulates Chrome for SEO fraud
  • Perplexity Comet: Zero-click attack can wipe Google Drive contents

CRITICAL: IDEsaster - AI IDE Vulnerabilities

Security researcher Ari Marzouk disclosed 30+ vulnerabilities collectively named "IDEsaster" affecting AI-powered IDEs including Cursor, Windsurf, GitHub Copilot, Zed.dev, Kiro.dev, Roo Code, Junie, and Cline. These flaws combine prompt injection with legitimate features to enable data exfiltration and RCE.

IDEsaster: AI IDEs Under Attack

The IDEsaster vulnerabilities exploit the intersection of prompt injection and IDE features, enabling attackers to steal source code, credentials, and execute arbitrary commands.

  • Affected IDEs: Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, Cline
  • Attack Vectors: Prompt injection primitives combined with legitimate IDE features
  • Impact: Data exfiltration, remote code execution, credential theft
  • Mitigation: Update to latest IDE versions, review AI-generated code carefully

Read full IDEsaster disclosure on The Hacker News

React2Shell: CVSS 10.0 Actively Exploited

CISA added CVE-2025-55182 (React2Shell) to its Known Exploited Vulnerabilities catalog. Two Chinese APT groups weaponized this React Server Components RCE within hours of disclosure.

  • CVSS Score: 10.0 (Critical) - Unauthenticated remote code execution
  • Active Exploitation: Chinese APT groups attacking within hours of disclosure
  • Patched Versions: React 19.0.1, 19.1.2, and 19.2.1
  • CISA Deadline: Federal agencies must patch by December 26, 2025

Check CISA KEV catalog for React2Shell details

WordPress Sneeit Plugin: CVSS 9.8

A critical vulnerability in the Sneeit Framework plugin (CVE-2025-6389) is being actively exploited in the wild, affecting all versions prior to 8.4.

  • CVE-2025-6389: CVSS 9.8 - Critical severity
  • Affected: Sneeit Framework plugin versions ≤ 8.3
  • Fixed In: Version 8.4 - Update immediately
  • Status: Active exploitation in the wild

Read WordPress security advisory

Android December 2025 Security Bulletin

Google released the Android December 2025 Security Bulletin addressing several critical and severe vulnerabilities in the Android Framework.

  • Critical Framework Flaw: Most severe vulnerability affects Android Framework component
  • Severity Ratings: Multiple issues rated as "critical" or "severe"
  • All Devices Affected: Bulletin impacts all Android devices
  • Patch Now: Updates rolling out to Pixel and partner devices

View Android Security Bulletin December 2025

New Malware: ChrimeraWire & Comet Attack

Two new threats emerged: ChrimeraWire trojan manipulating Chrome for SEO fraud, and a zero-click attack targeting Perplexity's Comet browser.

  • ChrimeraWire: Windows trojan automates Chrome to simulate user activity and manipulate search rankings
  • Perplexity Comet Attack: Zero-click Google Drive Wiper can delete all files via malicious email
  • Attack Vector: Exploits browser agents connected to Gmail and Google Drive
  • Protection: Review browser agent permissions, be cautious with AI browser extensions

Read more about emerging malware threats

Tech Bytes: Quick Hits

  • Microsoft Defender XDR: New "predictive shielding" capability uses analytics to anticipate attacker progression
  • Cloudflare DDoS: Mitigated record-breaking Aisuru attack peaking at 14.1 Bpps
  • UK Facial Recognition: Home Office report reveals racial bias in police facial recognition technology
  • 5 Web Security Threats: Report highlights threats reshaping web security in 2025
Share on Twitter Share on LinkedIn