CVE-2025-55182 is a vulnerability tracked across 43 threat clusters and 83 intelligence report mentions on ThreatCluster. First observed December 3, 2025; most recent activity July 2, 2026.
The RondoDox botnet is exploiting the React2Shell vulnerability (CVE-2025-55182) to infect vulnerable .js servers with malware and cryptominers. This ongoing campaign has been active for nine months, primarily targeting…
A critical vulnerability in the nginx-ui web server management tool, tracked as CVE-2026-33032, has been actively exploited since March 2026. This flaw allows attackers to bypass authentication on the /mcp_message…
AWS has highlighted the risks associated with unmonitored outbound traffic in cloud environments, particularly in light of the CVE-2025-55182 vulnerability affecting React Server Components. This vulnerability allows…
A coordinated supply chain attack has been identified, targeting vulnerability researchers and penetration testers through malicious proof-of-concept (PoC) repositories on GitHub. The malware, named ChocoPoC, is a…
A large-scale automated credential harvesting campaign, tracked as UAT-10608, has compromised at least 766 hosts globally within 24 hours. The attackers exploit the React2Shell vulnerability (CVE-2025-55182), a…
GreyNoise Intelligence has released a report indicating that spikes in malicious activity often precede the disclosure of new vulnerabilities in edge devices. The study tracked 147.8 million sessions over 103 days,…
Recent research from Darktrace reveals the evolution of Chinese-nexus cyber operations over the past two decades, highlighting a shift from high-volume attacks to more strategic, identity-centric intrusions. This change…
On December 3, 2025, Meta disclosed CVE-2025-55182, a critical remote code execution vulnerability dubbed React2Shell, affecting React Server Components. The flaw arises from improper type validation in the Flight…
A group of hackers suspected to be linked to North Korea has targeted cryptocurrency firms, exploiting the React2Shell vulnerability (CVE-2025-55182). The attackers compromised AWS access credentials to infiltrate cloud…
In late March 2026, the Vect ransomware group partnered with TeamPCP, a credential theft specialist, to enhance their cybercriminal operations. This collaboration aims to leverage TeamPCP's extensive credential…