A
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular, in one integrated solution that's built for performance and scale. You can find them at meter.com/CST.
Google outlines a new security plan for Chrome agents, Next.js issues a one-line scanner for React2Shell flaws, Storm-0249 hides malware inside EDR tools, and manufacturers are still top ransomware targets. This is Cybersecurity Today and I'm your host, Jim Love.
Google has released its blueprint for securing agentic browsing in Chrome, outlining how it plans to manage the risks that come with letting AI take actions on a user's behalf. Google says that billions of people already rely on Chrome for protection, and with agents now entering the browser, their position is the stakes have changed. In a detailed post published on December 8, Google described a new layered defense architecture. The centerpiece is a two-model system where a separate user alignment critic evaluates an agent's actions before they happen. Or, in Google's words, the agent's actions are vetted by a separate model that is isolated from untrusted content. The browser will also expand origin isolation so agents can only interact with the sites relevant to the task. These guardrails are meant to catch both model mistakes and adversarial prompts before they cause trouble, because the biggest threat Google calls out is indirect prompt injection: malicious instructions hidden in web pages, iframes or user-generated content that could trick an agent into taking harmful actions. To counter that, Chrome will require explicit user confirmation before visiting sensitive sites like banks or health portals, before signing in through Google Password Manager, and before doing anything with financial or personal consequences. Google says the agent will pause and either get permission from the user before proceeding, or ask the user to complete the next step. There's also a new real-time detection system that checks every page the agent sees for indirect prompt injection, plus continual automated red teaming that generates malicious sandboxed sites to try and break the guardrails. In addition, Google is offering up to $20,000 for researchers who find and report serious vulnerabilities in the new agentic security boundaries. Google says these protections form the foundation for Gemini-powered agents in Chrome.
They're clear that this is a work in progress and they have not yet committed to a release date. You could make the case that these protections probably should have been shipped with the agents and not after. But still, Google is the one leading the public conversation on agent safety right now. OpenAI and Anthropic are also working on this problem, but so far Google is once again dominating the agenda and doing most of the talking. But the good news is a security framework is coming. Just not yet.
Next.js has released a dedicated scanner to help developers quickly find and fix the critical React2Shell vulnerability. Tracked as CVE2025 666478, this flaw affects React Server Components and can allow an attacker to run code on a server by sending a maliciously crafted request. It's a serious issue, and the scanner is designed as a rapid triage tool. The command line utility is called fix-react2shell-next and the idea is simple: one command to identify vulnerable versions of Next.js and React Server Components, and one command to apply the required security updates. They say it removes the guesswork of manually checking the packages or trying to patch each project by hand. The tool works recursively, scanning every package.json file in a code base, including complex monorepos used with npm, yarn, pnpm, or bun. That's important because large teams often have dozens of sub-projects, and an outdated RSC dependency in any one of them can leave an application exposed.
So instead of relying on developers to spot version mismatches, the scanner automatically verifies the installed versions and it upgrades them to the patched releases included in the latest Next.js update.
For a vulnerability of this severity, automation is a godsend. This tool reduces the time between disclosure and remediation, and reduces the chance of a missed package or a misapplied fix. If you're running Next.js with React Server Components, the message from them is clear: run that scanner and that patch immediately.
There's another example this week of attackers turning defenders' own tools against them as they quietly capture and sell system access to other attackers. The initial access broker known as Storm-0249 is now using legitimate Microsoft utilities and even endpoint detection and response components to hide malware activity and prepare for ransomware deployment. EDR is supposed to catch suspicious behavior, but this technique abuses the trust those tools already have inside the system.
Researchers at ReliaQuest analyzed an attack where Storm-0249 leveraged SentinelOne's EDR components to load malware and maintain persistence. The key idea is that EDR agents run with elevated trust and deep access. By hijacking their processes, attackers can slip past normal monitoring and make their activity look like it belongs to a safe, whitelisted tool. According to ReliaQuest, the same approach works with other EDR products as well. Storm-0249 typically starts with mass phishing. But this campaign shows a shift to a quieter, more advanced tradecraft. Once they compromise a system, they use trusted Windows binaries and EDR frameworks to stage payloads, communicate back to their infrastructure, and prepare for follow-on ransomware attacks. Because everything appears to be coming from a legitimate and deeply embedded security process, detecting it becomes far harder. The broader lesson is that defensive tools can become powerful masking layers when attackers figure out how to load their code inside them. Even well-documented techniques can be difficult to counter when they piggyback on trusted security software.
And reports say that manufacturers have been the most targeted sector for ransomware for four years in a row, and new data suggest the problem may be getting worse. Cybersecurity firm Black Kite reports that 75% of manufacturing companies have at least one critical vulnerability with a CVSS score of 8.0 or higher. These are exactly the kinds of weaknesses ransomware groups automate their scans for, because they often lead straight to system-level access. A separate dataset from Trellix, a major threat detection and response company formed from the merger of McAfee Enterprises and FireEye, reinforces the same trend. Trellix collects telemetry from customer environments running operational technology, OT, the systems that control industrial and production equipment. Based on that telemetry, 42% of attacks targeting OT environments were aimed at manufacturers. In other words, almost half of all OT-targeted activity hits the industrial sector, and manufacturers face a difficult combination. They've got legacy systems that can't be patched frequently, long and complex supply chains and highly interconnected production networks. Plus, if a ransomware group can stop a production line or disrupt a supply chain, they gain immediate leverage. And that makes manufacturers a reliable, high-value target. These weaknesses are well documented, widely understood, but hard to fix. And that's what keeps the industrial sector at the top of the ransomware hit list.
And that's our show for today. We'd like to thank Meter for their support in bringing you this podcast. Meter delivers full-stack networking infrastructure, wired, wireless and cellular, to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity. They design the hardware, the firmware, build the software, manage deployments, and run support. It's a single integrated solution that scales from branch offices to warehouses and large campuses to data centers. Book a demo at meter.com/CST. That's M-E-T-E-R.com/CST.
And a final note for everyone out there. I saw two words beside my name that I didn't think I'd see for many years: bestseller. My book, A Tale of Quantum Kisses, at least the Audible version, has become a bestseller. And I can only think in large part that's because a lot of the people in the listening audience have been going and getting the book. And if so, thank you. And if you haven't heard it already, it's obviously popular. You can find it by searching at alysisabook.com or just search for Alyssa, E L I S A and Jim Love on Audible. And if you do read the book and enjoy it, consider leaving a review. We've gotten one really great one, and that's great. But sales are one thing. Reviews are gold in terms of being an author. Thanks again. And for both the podcast and the audiobook, I can say I'm your host, Jim Love. Thanks for listening.
Host: Jim Love
Date: December 10, 2025
This episode dives into recent cybersecurity updates, with a focus on Google's new AI-driven safety architecture for Chrome, industry efforts around a major React Server vulnerability, advanced tactics attackers are using to weaponize trusted cybersecurity tools, and the ongoing ransomware onslaught against the manufacturing sector.
This episode provides practical security updates for enterprise listeners, details on emerging threats, and pragmatic advice for immediate vulnerability remediation—delivered in Jim Love’s thoughtful, engaged, and occasionally wry style.