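Notes for the podcast recording.
podcast - #セキュリティのアレ - a laid-back security podcast.
Incidents and accidents
Tokyo Metropolitan Police Department arrests two Chinese nationals over account takeovers and fraudulent trading at Japanese securities firms
(11/28) Securities account takeovers: two Chinese nationals arrested on suspicion of market manipulation and other charges ... believed to have sold off 700,000 shares for a profit of 8.6 million yen : Yomiuri Shimbun
(Reference) A summary of the Japanese securities account takeover case in which arrests were made on suspicion of market manipulation - piyolog
Personal information on 33.7 million accounts leaked from major South Korean e-commerce site Coupang
(11/29) [Coupang personal information leak notice] Frequently Asked Questions (FAQ)
(11/30) Coupang became aware only after a customer report … Chinese employee who took the information, 'threatening email' - Maeil Business Newspaper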
(11/30) Coupang criticized over lax spending on security in wake of large-scale hack
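(12/1) "Worst ever" personal information leak at major South Korean online retailer, "3 in 4 people affected": Asahi Shimbun
(12/2) Coupang personal information leak highlights weak security posture | KBS WORLD Japanese
(12/2) Coupang personal information leak: first class action lawsuit, "claiming 200,000 won each" | KBS WORLD Japanese
Cryptocurrency mixing service Cryptomixer taken down through cooperation between Europol, Eurojust, and law enforcement agencies in Germany and Switzerland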
From 24 to 28 November 2025, Europol supported an action week conducted by law enforcement authorities from Switzerland and Germany in Zurich, Switzerland. The operation focused on taking down the illegal cryptocurrency mixing service ‘Cryptomixer’, which is suspected of facilitating cybercrime and money laundering.
Three servers were seized in Switzerland, along with the cryptomixer.io domain. The operation resulted in the confiscation of over 12 terabytes of data and more than EUR 25 million worth of the cryptocurrency Bitcoin. After the illegal service was taken over and shut down, law enforcement placed a seizure banner on the website.
European Commission fines X €120M under the Digital Services Act
(12/5) Commission fines X €120 million under the Digital Services Act
Attacks and threats
Cloudflare publishes its DDoS threat report for Q3 2025
(12/3) Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets
CISA issues an alert on BRICKSTORM malware attack activity
(12/4) BRICKSTORM Backdoor | CISA
Amnesty International and others jointly publish an investigative report on the activities of commercial spyware vendor Intellexa
The “Intellexa Leaks”, a new investigation published jointly by Inside Story, Haaretz and WAV Research Collective, presents troubling revelations about the surveillance company Intellexa and its signature product Predator, a form of highly invasive spyware that has been linked to human rights abuses in multiple countries.
(12/4) Intellexa’s Global Corporate Web
(12/4) Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Vulnerabilities
Android fixes multiple vulnerabilities, including ones already confirmed to be exploited.
(12/1) Android Security Bulletin—December 2025 | Android Open Source Project
Note: There are indications that the following may be under limited, targeted exploitation.
- CVE-2025-48633
- CVE-2025-48572
CISA adds 2+1+1 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog
(12/2) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
- CVE-2025-48572 Android Framework Privilege Escalation Vulnerability
- CVE-2025-48633 Android Framework Information Disclosure Vulnerability
(12/3) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2021-26828 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability
(12/5) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2025-55182 Meta React Server Components Remote Code Execution Vulnerability
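JPCERT/CC issues an alert on a command injection vulnerability in the Array Networks Array AG series
(12/3) Alert on a command injection vulnerability in the Array Networks Array AG series
Regarding the vulnerability that affects ArrayAG when the DesktopDirect feature is enabled (no CVE assigned, patch available), attacks have reportedly been observed in Japan >RT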
— nekono_nanomotoni (@nekono_naha) December 4, 2025
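Confirmed 1831 units running worldwide and 188 in Japan. Not sure whether this is exhaustive, but there are 11 hosts with DesktopDirect enabled, many of them in Japan. Even though this device has been targeted by APTs many times, many of them are old. https://t.co/XQ7zPTTexA pic.twitter.com/Bn2uP7zECf
Remote code execution vulnerability in React Server Components. Exploitation has already been confirmed.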
(12/3) Critical Security Vulnerability in React Server Components – React
(12/3) Security Advisory: CVE-2025-66478 | Next.js
(12/3) React2Shell (CVE-2025-55182)
A 10.0 critical severity vulnerability affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically for the Next.js framework.
This vulnerability was responsibly disclosed by myself, Lachlan Davidson on 29 November 2025 PT to the Meta team. Initial disclosure and patch release was performed by React and Vercel on 3 December 2025 PT.
(12/5) Cloudflare outage on December 5, 2025
On December 5, 2025, at 08:47 UTC (all times in this blog are UTC), a portion of Cloudflare’s network began experiencing significant failures. The incident was resolved at 09:12 (~25 minutes total impact), when all services were fully restored.
A subset of customers were impacted, accounting for approximately 28% of all HTTP traffic served by Cloudflare. Several factors needed to combine for an individual customer to be affected as described below.
The issue was not caused, directly or indirectly, by a cyber attack on Cloudflare’s systems or malicious activity of any kind. Instead, it was triggered by changes being made to our body parsing logic while attempting to detect and mitigate an industry-wide vulnerability disclosed this week in React Server Components.
(12/5) About the React Server Components vulnerability (CVE-2025-55182)
React Server Components (CVE-2025-55182) RCE findings so far on 2025-12-05. 77664 IPs found vulnerable (based on @assetnote methodology).
— The Shadowserver Foundation (@Shadowserver) December 6, 2025
IP data is being shared in our Vulnerable HTTP reports: https://t.co/qxv0Gv6cAK
Dashboard geo breakdown: https://t.co/2ELWyWmEOX pic.twitter.com/98TrVBsdby