Shai-Hulud 2.0 and an RCE vulnerability in React

Welcome to the December 2025 edition of the Datadog Security Digest!


This edition covers Shai-Hulud 2.0 and a critical remote code execution (RCE) vulnerability in React. We hope you enjoy catching up on the latest in cloud security!


This newsletter was created by a real person, not a machine. Your curator of the month is Kennedy Toomey.

Shai-Hulud 2.0

Our own Christophe Tafani-Dereeper and Sebastian Obregoso provide an analysis of the second wave of the self-replicating npm worm, termed Shai-Hulud 2.0. This attack compromised almost 800 npm packages with a payload focused on harvesting credentials.

Cloud security

New adversary-in-the-middle phishing campaign

Datadog identified a phishing campaign targeting organizations that use both Microsoft 365 and Okta; it bypasses multi-factor authentication (MFA) to hijack the single sign-on flow. The campaign was still active as of December 10th. This post includes the indicators of compromise to look for in your logs.

‘aws login’ introduces new phishing avenue

AWS recently released aws login, a new way for developers to get temporary credentials for local development. Adan Alvarez describes how attackers could exploit this new feature and how to block these attacks through policies.

Datadog’s approach to security

Bianca Lankford details how Datadog redesigned its internal security organization to scale as the company grows. The redesign prioritized building reliable, scalable systems, strengthening connections across specialized teams, and anticipating emerging risks and technologies.

Initial security overview of AWS Lambda Managed Instances

Eduard Agavriloae walks through the new AWS Lambda Managed Instances to provide an initial security overview. He uses investigator.cloud and CloudShovel to understand what is happening under the hood of the new AWS capability.

AI security

A new Generative AI Security Scoping Matrix

AWS released a new mental model to help evaluate and implement security controls for foundation model (FM)-based applications.

Prompt injection in CI/CD pipelines is confirmed

Aikido researchers identified a new vulnerability in GitHub Actions and GitLab CI/CD that impacts workflows integrating AI agents. The vulnerability exposes those workflows to untrusted user input. This new vulnerability class, called PromptPwnd, confirms that prompt injection can compromise popular CI/CD pipelines.

AI agents are not immune to stress

New studies have shown that AI agents have increased rates of misbehavior when pressured by deadlines or similar stressors. Matthew Hutson describes the performance of different models when exposed to different levels of pressure.

Application security

Unauthenticated remote code execution (RCE) in React Server Components

A critical RCE vulnerability was discovered in React Server Components that affects both React and Next.js. Public exploit code is available, which makes remediation efforts even more critical.

2025 updates to the OWASP Top 10

At OWASP Global AppSec USA, an updated Top 10 was announced. Sooraj Shah details the changes from the previous 2021 version, most notably the addition of Software Supply Chain Failures at number three.

Community events and talks

BlackHat EU

At BlackHat EU, Datadog’s Rory McCune spoke about post-exploitation in Kubernetes clusters in his presentation “Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes.” Check out his accompanying blog post to learn more.

AWS re:Invent

Another AWS re:Invent has come and gone. At the conference, Datadog’s Andrew Krug and Riot Games’ Nathan Pitchaikani discussed how to find real incidents among millions of events in their talk entitled “Detection Engineering at Scale: Building High-Fidelity Security Operations.”