React2Shell is a malware family tracked across 50 threat clusters and 130 intelligence report mentions on ThreatCluster. First observed December 4, 2025; most recent activity July 15, 2026.
The React2Shell remote code execution (RCE) vulnerability has been actively exploited to execute malicious code. This flaw affects various systems using the React framework, posing significant risks to organizations.…
The RondoDox botnet is exploiting the React2Shell vulnerability (CVE-2025-55182) to infect vulnerable .js servers with malware and cryptominers. This ongoing campaign has been active for nine months, primarily targeting…
A critical vulnerability in the nginx-ui web server management tool, tracked as CVE-2026-33032, has been actively exploited since March 2026. This flaw allows attackers to bypass authentication on the /mcp_message…
AWS has highlighted the risks associated with unmonitored outbound traffic in cloud environments, particularly in light of the CVE-2025-55182 vulnerability affecting React Server Components. This vulnerability allows…
A coordinated supply chain attack has been identified, targeting vulnerability researchers and penetration testers through malicious proof-of-concept (PoC) repositories on GitHub. The malware, named ChocoPoC, is a…
In 2025, Cisco's Talos reported a significant increase in the speed at which cybercriminals exploit vulnerabilities, particularly highlighting the React2Shell vulnerability disclosed in December 2025, which became the…
A large-scale automated credential harvesting campaign, tracked as UAT-10608, has compromised at least 766 hosts globally within 24 hours. The attackers exploit the React2Shell vulnerability (CVE-2025-55182), a…
GreyNoise Intelligence has released a report indicating that spikes in malicious activity often precede the disclosure of new vulnerabilities in edge devices. The study tracked 147.8 million sessions over 103 days,…
Recent research from Darktrace reveals the evolution of Chinese-nexus cyber operations over the past two decades, highlighting a shift from high-volume attacks to more strategic, identity-centric intrusions. This change…
On December 3, 2025, Meta disclosed CVE-2025-55182, a critical remote code execution vulnerability dubbed React2Shell, affecting React Server Components. The flaw arises from improper type validation in the Flight…