meta News Articles
Recent news articles refferecing the vendors vulnerabilities.
The Hacker NewsCVE-2025-55182ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
12 hours ago
Bank Info SecurityCVE-2025-55182Breach Roundup: DPRK-Linked EtherRAT Targets React2Shell
This week, likely North Korean hackers exploited React2Shell. The Dutch government defended its seizure of Nexperia. Prompt injection may be here to stay. Hikvision
17 hours ago
Critical React2Shell flaw exploited in ransomware attacks
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later.
1 day ago
CybersecurityNewsCVE-2025-55182Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components
Microsoft issued mitigations for React2Shell (CVE-2025-55182), a critical pre-auth RCE flaw impacting React Server Components and Next.js.
2 days ago
iZOOlogicCVE-2025-55182React2Shell CVE-2025-55182: Critical RCE Risk in Web Applications
React2Shell (CVE-2025-55182) explained a critical warning for web developers about a severe React Server Components vulnerability, its impact on modern apps, and how to respond.
3 days ago
CVE-2025-55182: Critical React Vulnerability Hits Crypto Frontends
CVE-2025-55182: Critical React vulnerability hits crypto Frontends, and is already being used in crypto-drainer attacks against legitimate sites.
3 days ago
The Hacker NewsCVE-2025-55182React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
React2Shell vulnerability CVE-2025-55182 is actively exploited to deploy Linux malware, run commands, and steal cloud credentials at scale.
3 days ago
React2Shell attacks expand widely across multiple sectors
Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools.
3 days ago
CVE-2025-55183 and CVE-2025-55184: New React RSC Vulnerabilities Expose Applications to Denial of Service Attacks and Source Code Leaks | SOC Prime
Explore details for CVE-2025-55183 and CVE-2025-55184, React RSC vulnerabilities enabling DoS and source disclosure, with an analysis on SOC Prime blog.
3 days ago
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity
4 days ago
Security AffairsCVE-2025-55182Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs in your email box
4 days ago
Google CloudCVE-2025-55182Cloud CISO Perspectives: Our 2026 Cybersecurity Forecast report | Google Cloud Blog
Francis deSouza shares our Cybersecurity Forecast report for the coming year, with additional insights from our Office of the CISO colleagues.
6 days ago
React2Shell Exploits Flood the Internet as Attacks Continue
As exploitation activity against CVE-2025-55182, researchers are finding some exploits contain bypasses for Web application firewall (WAF) rules.
6 days ago
Three New React Vulnerabilities Surface on the Heels of React2Shell
New React vulnerabilities widen the impact of React2Shell, exposing risks from RCE to DoS and source leaks. Teams must upgrade and mitigate immediately.
6 days ago
theregister.comNew React vulns leak secrets, invite DoS attacks
If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server...
6 days ago
Techzine GlobalCVE-2025-55182Three new vulnerabilities discovered in React Server Components
Three new vulnerabilities discovered in React Server Components: two enable denial of service, a third leaks source code. Update immediately.
6 days ago
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
React patches three RSC bugs causing DoS and code exposure, urging updates to fixed 19.x releases.
1 week ago
The Hacker NewsCVE-2025-55182React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
CISA warns that attackers are actively exploiting the React2Shell CVE-2025-55182 flaw, urging fast patching across vulnerable systems.
1 week ago
HackreadCVE-2025-55182Critical ‘React2Shell’ Vulnerability (CVE-2025-55182) is Being Actively Exploited
A serious security vulnerability has been discovered in the popular React web development library and related frameworks like Next.js, allowing attackers to possibly take full control of affected servers....
1 week ago
Google CloudCVE-2025-55182Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | Google Cloud Blog
Widespread exploitation of the React2Shell vulnerability (CVE-2025-55182) by multiple threat actors, including China and cyber criminals.
1 week ago
The Cloudflare BlogReact2Shell and related RSC vulnerabilities threat brief- early exploitation activity and threat actor techniques
Early activity indicates that threat actors quickly integrated this vulnerability into their scanning and reconnaissance routines and targeted critical infrastructure including nuclear fuel, uranium and rare earth elements. We outline the tactics they appear to be using and how Cloudflare is protect...
1 week ago
Sophos NewsCVE-2025-55182React2Shell flaw (CVE-2025-55182) exploited for remote code execution
Sophos analysts are investigating the widespread exploitation of a critical vulnerability dubbed ‘React2Shell’ that affects React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This...
1 week ago
The Hacker NewsCVE-2025-55182ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
The latest ThreatsDay Bulletin breaks down the week’s biggest stories — rootkits evading Windows, Docker leaks, AI risks and global surveillance moves
1 week ago
BitdefenderCVE-2025-55182Technical Advisory: React2Shell Critical Unauthenticated RCE in React (CVE-2025-55182)
TL;DR Ransomware groups are expected to rapidly weaponize this critical (CVSS 10.
1 week ago
The Hacker NewsCVE-2025-55182React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
Critical React Server Components flaw (CVE-2025-55182) fuels automated attacks dropping miners and multiple new Linux malware families.
1 week ago
infoq.comCVE-2025-55182Patch Urgently - Critical Vulnerability CVE-2025-55182 in React Server Functions Actively Exploited
An unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC) was recently reported with the highest severity (10.0). Amazon threat intelligence teams report active exp
1 week ago
The Hacker NewsCVE-2025-55182North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
North Korea-linked attackers exploit CVE-2025-55182 to deploy EtherRAT, a smart-contract-based RAT with multi-stage persistence.
1 week ago
Risky BizAPTs go after the React2Shell vulnerability within hours
In other news: CISA Director nomination stalls again; NSA cuts 2,000 staff; Intellexa still active despite sanctions.
2 weeks ago
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors.
2 weeks ago
The Hacker NewsCVE-2025-55182Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
CISA flags the React2Shell remote code flaw after real-world attacks hit millions of exposed services.
2 weeks ago
Check Point BlogCVE-2025-55182What is “React2Shell” (CVE-2025-55182) - in Plain English - and Why Check Point CloudGuard WAF Customers Carried on with Their Day - Check Point Blog
Note: Before we dive in, Check Point CloudGuard WAF customers were proactively protected and not affected by React2Shell. In early December 2025, the
2 weeks ago
GreyNoiseCVE-2025-55182CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as “React2Shell” and tracked as CVE-2025-55182.
2 weeks ago
React2Shell Vulnerability: Maximum-Severity Flaw in React Server Components Actively Exploited by China-Backed Groups | SOC Prime
Explore details for React2Shell, a max-severity RCE vulnerability in React Server Components, with an exploitation analysis on our SOC Prime blog.
2 weeks ago
Infosecurity MagazineCVE-2025-55182React.js Hit by Maximum-Severity 'React2Shell' Vulnerability
A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server
2 weeks ago
React2Shell Vulnerability Under Attack From China-Nexus Groups
A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.
2 weeks ago
The Hacker NewsCVE-2025-55182Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
AWS reports China-linked groups Earth Lamia and Jackpot Panda rapidly attacking the critical React2Shell CVE-2025-55182 RCE flaw.
2 weeks ago
PortSwiggerHow to detect React2Shell with Burp Suite
React2Shell vulnerabilities in Next.js applications are now scannable across Burp Suite.
2 weeks ago
CVE-2025-55182 & 66478: Next.js RSC RCE Detection
Detect RSC/Next.js RCE for CVE-2025-55182 and CVE-2025-66478 using a high-fidelity 500 error + digest signature, and apply patching and WAF mitigations.
2 weeks ago
React2Shell critical flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed.
2 weeks ago
KasperskyCVE-2025-55182CVE-2025-55182 vulnerability in React and Next.js
Ways to protect against the dangerous React4Shell vulnerability (CVE-2025-55182) in React server components (RSC).
2 weeks ago
Unit 42Critical Vulnerabilities in React Server Components and Next.js
We discuss the CVSS 10.0-rated RCE vulnerabilities in the Flight protocol used by React Server Components. These are tracked as CVE-2025-55182 and CVE-2025-55182-66478.
2 weeks ago
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
2 weeks ago
Help Net SecurityCVE-2025-55182Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) - Help Net Security
A vulnerability (CVE-2025-55182) in React Server Components may allow attackers to achieve unauthenticated remote code exection on the server.
2 weeks ago
Google CloudCVE-2025-55182Responding to CVE-2025-55182 | Google Cloud Blog
Follow these recommendations to minimize remote code execution risks in React and Next.js from CVE-2025-55182 vulnerabilities.
2 weeks ago
React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability
Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code execution.
2 weeks ago
Critical React Flaw Triggers Calls for Immediate Action
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers.
2 weeks ago
CyberScoopCVE-2025-55182Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.
2 weeks ago
The Hacker NewsCVE-2025-55182Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions now.
2 weeks ago