Tag: CVE-2025-55182
-
UAT-10608 Collective Hijacked 700+ Next.js Servers in Hours
Cybersecurity specialists have chronicled a voluminous, automated campaign for credential harvesting that, within a mere matter of hours, besieged hundreds of servers across the globe. The offensive unfolded with minimal human intervention, preying upon a vulnerability within ubiquitous web applications to transmute them into fountains of confidential intelligence. The Cisco Talos vanguard has unmasked the…
-
The Invisible Proxy: How Hackers Are Weaponizing NGINX and Baota Panels to Hijack Web Traffic
Security analysts at Datadog have unmasked an ongoing traffic interception campaign targeting NGINX servers and hosting management interfaces, most notably the Baota panel prevalent throughout Asia. Adversaries are surreptitiously embedding deleterious directives into server configurations to reroute user solicitations through clandestine nodes, effectively establishing a “man-in-the-middle” posture between the web entity and its visitors. The…
-
Beyond the Shell: Critical React2Shell Exploit Hits Japan to Deploy Stealthy ZnDoor RAT
Since early December 2025, SOC teams in Japan have been observing a wave of attacks exploiting React2Shell (CVE-2025-55182)—a remote code execution vulnerability in React/Next.js that already has a public proof of concept and is now being abused at scale against web services. In many incidents, attackers deploy familiar payloads such as cryptocurrency miners, but in…
-
The Next Log4Shell? Global Hackers Weaponize React2Shell for RCE and Cloud Takeovers
A critical vulnerability in the widely used JavaScript library React, dubbed React2Shell, is already being exploited at scale. According to Google, at least five newly identified Chinese espionage groups, “Iran-linked” threat actors, and common cybercriminals have joined the wave of attacks. Tracked as CVE-2025-55182, the flaw allows an unauthenticated attacker to remotely execute code on…
-
React2Shell Exploit: Critical RCE Flaw (CVSS 10.0) Under Active Attack with New Backdoors
Immediately following the public disclosure of a critical vulnerability in React Server Components, threat actors began exploiting it in attacks against organizations across multiple industries. The Huntress team reports that the flaw is an unauthenticated remote code execution (RCE) vulnerability, enabling attackers to run arbitrary code via a single, specially crafted HTTP request. The vulnerability…
-
Next-Gen Malware: EtherRAT Uses Ethereum Smart Contract for Stealth C2
The emergence of a new malicious tool within the React2Shell attack chain has become a notable development amid the surge of compromises that followed the disclosure of CVE-2025-55182. This time, the activity goes far beyond the previously observed attempts to deploy cryptominers or rudimentary data stealers. The Sysdig Threat Research Team has identified an unusual…
-
React2Shell Exploit: Botnets Target 150K+ Devices Daily with Node.js Flaw
A newly discovered vulnerability in Node.js, designated CVE-2025-55182 and informally dubbed React2Shell, has become a favored weapon of botnets within mere days of its disclosure. Operators are now launching widespread attacks against vulnerable web applications and IoT devices, deploying Mirai-style binaries and cryptominers, while the number of blocked exploitation attempts has surged past 150,000 per…
-
Cloudflare Outage Caused by Frantic Patching of Critical React2Shell (CVE-2025-55182) Flaw
Cloudflare’s global infrastructure has suffered a second major outage in less than a month — and it has now become clear that the cause was not an attack, but a frantic effort to patch a critical flaw in the widely used JavaScript library React, a vulnerability dubbed React2Shell (CVE-2025-55182). Early in the morning of 5…
-
China APTs Exploiting React Server RCE (CVE-2025-55182) Hours After Disclosure
Two China-linked hacking groups began exploiting a critical vulnerability in React Server Components just hours after it became public. The flaw — CVE-2025-55182, rated a maximum 10 — has already been dubbed React2Shell and enables remote execution of arbitrary code on a vulnerable server without any form of authentication. Although the issue has been patched…
-
MAX SEVERITY: Critical Flaw in React Server Allows Unauthenticated RCE
Developers and administrators worldwide are scrambling to update their servers after the disclosure of a critical vulnerability in React Server — a flaw that enables unauthenticated remote code execution through a single crafted HTTP request. A public exploit is already available, and the issue has been assigned the maximum severity score: a perfect 10.0 on…