#react2shell-cve-2025-55182

Information security
from The Hacker News
2 weeks ago

Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

Steady, quiet exploitation of trusted mechanisms—updates, extensions, logins, and messages—drives long-lived attacks like RondoDox and supply-chain compromises.
Information security
from InfoWorld
1 month ago

React2Shell is the Log4j moment for front end development

A Flight protocol validation failure in React Server Components and Next.js (React2Shell, CVE-2025-55182) enables unauthenticated remote code execution and rapid ransomware deployment.
from BleepingComputer
1 month ago

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. Researchers at cloud security company Sysdig believe that the malware aligns with North Korea's tools used in Contagious Interview campaigns. They recovered EtherRAT from a compromised Next.js application just two days after the disclosure of the critical React2Shell vulnerability tracked as CVE-2025-55182.
Information security