GovInfoSecurity

RondoDox Botnet Exploiting Devices With React2Shell Flaw

Security firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed ...

This SmarterMail vulnerability allows Remote Code Execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...
Bleeping Computer

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. Tracked as CVE ...
Computer Weekly

ClickFix attacks that bypass cyber controls on the rise

So-called ClickFix or ClearFake attacks that bypass security controls and use unwitting victims to execute a cyber attack of their own accord are surging at the end of 2025, even outpacing phishing or ...

Bitfinex Hacker Walks Free: Ilya Lichtenstein Released Early Under Trump’s First Step Act

In November 2024, Lichtenstein received a federal prison sentence of five years for being part of a money laundering ...

New Era Energy Stock Plummets After CEO Allegedly Flouts Environmental Rules for Personal Gains in Oil & Gas Scam

New Era Energy CEO siphoned revenue from New Mexico oil and gas wells that produce fossil fuels via shell companies while ...
Business Insider

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...