Critical Security Update: December 5, 2025 (React/Next.js, New Malware, Communication Changes, Android)
Risk 1: High
Issue: A major vulnerability has been found in a toolset known as React/Next.js. The name may or may not sound familiar, but it is one of the largest tools used in most modern websites and web applications. This vulnerability allows remote code execution and can ultimately lead to malware execution as well as a breach of data connected to those websites.
This is believed to be one of the largest recent web-based vulnerabilities.
This is the issue that caused the Cloudflare outage today, December 5, 2025.
Resolution: People should reach out to their website provider to determine whether React/Next.js is in use and what the plan is to rectify it.
Similarly, users should reach out to any web-based software provider (including workflow management, tax preparation, and ledger software) to determine if any exposure occurred.
Risk 2: Medium
Issue: An increase in a ransomware product known as Scattered Spider and DragonForce has been detected. SS/DF is typically shared through very sophisticated social engineering (fake accounts/contacts that try to extract information from unsuspecting users). If installed, SS/DF has been known to steal and sell the data it encrypts, not just lock it from the user. This makes it particularly dangerous.
Resolution: Users should be particularly careful when interacting with people and accounts online, ensuring the authenticity of the account. This is crucial, especially during the holiday season when there is an overall increase in online interaction.
Most enterprise-level security products are currently detecting this malware, but it is important to act quickly if there is a concern over potential infection.
Risk 3: Low
Issue: Citing concerns related to terrorist activities, Russia has started blocking Snapchat, FaceTime, and some WhatsApp activity. Users with clients, family, or friends in Russia may be unable to use standard communication channels to reach them.
Similarly, Russia has also blocked Roblox activity.
Resolution: No resolution.
Risk 4: Medium
Issue: Google has announced a fix for over 100 known vulnerabilities in their Android operating system, including two that are zero-day exploits (meaning they are currently being utilized and exploited). Most of the vulnerabilities are minor, but a few do provide remote execution of malware.
Resolution: Anyone with an Android device should update their device immediately. There are no known operational issues with the current update.
Announced Data Breaches
Inotiv
Marquis (Including 74 banks/credit unions)
Leroy Merlin
Freedom Mobile
University of Phoenix
University of Pennsylvania (again)