Explore

Rapid Read Rapid Read
React2Shell Vulnerability Exploited by Cybercriminals, Impacting Numerous Organizations

React2Shell Vulnerability Exploited by Cybercriminals, Impacting Numerous Organizations

A critical vulnerability in the React library, known as React2Shell, is being actively exploited by cybercriminals. This vulnerability, officially tracked as CVE-2025-55182, affects systems using React version 19, particularly those with React Server Components. The flaw allows for unauthenticated remote code execution through specially crafted HTTP requests. Major cybersecurity firms have reported a surge in attacks, with Chinese threat actors initially exploiting the vulnerability. The attacks have led to the delivery of various malware types, including cryptocurrency miners and cloud credential theft tools. Notably, North Korea-linked actors have used the vulnerability to deploy persistent access implants like EtherRAT. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to address it promptly.
Rapid Read Rapid Read
CISA Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-6218

CISA Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-6218

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the WinRAR file archiver, identified as CVE-2025-6218, to its Known Exploited Vulnerabilities catalog. This path traversal bug, which has a CVSS score of 7.8, allows for code execution if a user opens a malicious file or visits a compromised webpage. The vulnerability affects only Windows-based versions of WinRAR and was patched in June 2025 with the release of WinRAR 7.12. Despite the patch, the flaw is being actively exploited by threat groups such as GOFFEE, Bitter, and Gamaredon. These groups have used the vulnerability to conduct espionage and sabotage operations, including phishing campaigns targeting Ukrainian entities.
Rapid Read Rapid Read
WinRAR Vulnerability CVE-2025-6218 Exploited by Multiple Threat Groups

WinRAR Vulnerability CVE-2025-6218 Exploited by Multiple Threat Groups

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in the WinRAR file archiver, identified as CVE-2025-6218, to its Known Exploited Vulnerabilities catalog. This path traversal bug, which affects Windows-based builds, allows attackers to execute code by tricking users into opening malicious files. Despite being patched in June 2025, the flaw is actively exploited by threat groups such as GOFFEE, Bitter, and Gamaredon. These groups have used the vulnerability in targeted attacks, including phishing campaigns against Ukrainian entities, to deploy malware and conduct espionage operations.
Rapid Read Rapid Read
Log4Shell Vulnerability Persists with 40 Million Downloads in 2025

Log4Shell Vulnerability Persists with 40 Million Downloads in 2025

Sonatype has reported that 13% of Log4j versions downloaded in 2025 were vulnerable to the critical Log4Shell bug. This vulnerability, which has been a significant concern in cybersecurity circles, continues to pose risks as it is still being downloaded extensively. The Log4Shell bug, first identified in 2021, allows attackers to execute arbitrary code on affected systems, making it a severe threat to data security. Despite efforts to patch and secure systems, the continued download of vulnerable versions indicates ongoing challenges in cybersecurity management and awareness.
Rapid Read Rapid Read
North Korean Hackers Exploit React2Shell Vulnerability, Targeting Cryptocurrency

North Korean Hackers Exploit React2Shell Vulnerability, Targeting Cryptocurrency

Cybersecurity firm Sysdig has identified North Korean threat actors exploiting a vulnerability known as React2Shell, officially tracked as CVE-2025-55182, which affects version 19 of the React open source library. This vulnerability allows for unauthenticated remote code execution and has been used to deploy malware such as EtherRAT. The attacks have been linked to the DPRK-affiliated BeaverTail malware, previously used in campaigns targeting individuals in the cryptocurrency and blockchain sectors. The exploitation of React2Shell began shortly after the vulnerability was disclosed on December 3, with attacks involving AWS credential theft and cryptocurrency mining.
Rapid Read Rapid Read
Gogs Self-Hosted Git Instances Under Attack Due to Zero-Day Vulnerability

Gogs Self-Hosted Git Instances Under Attack Due to Zero-Day Vulnerability

A zero-day vulnerability in Gogs, a self-hosted Git service, is being actively exploited, affecting over 700 instances. The flaw, identified as CVE-2025-8110, allows attackers to execute remote code by exploiting symbolic links, a method not accounted for in previous patches. This vulnerability was discovered by Wiz researchers during an investigation into malware on an infected machine. The Gogs maintainers have been informed and are working on a fix, but exploitation continues. The vulnerability affects Gogs servers running version 0.13.3 or earlier with open-registration enabled, which is the default setting.
Rapid Read Rapid Read
React2Shell Vulnerability Exploited by North Korean Hackers, Says Sysdig

React2Shell Vulnerability Exploited by North Korean Hackers, Says Sysdig

Cybersecurity firm Sysdig has linked the exploitation of the React2Shell vulnerability to North Korean threat actors. The vulnerability, identified as CVE-2025-55182, affects version 19 of the React open source library and related frameworks like Next.js and Waku. It allows for unauthenticated remote code execution, posing a significant threat to applications using these technologies. The Shadowserver Foundation has identified approximately 70,000 vulnerable systems. Sysdig's analysis revealed that the attacks involve sophisticated techniques, including the deployment of EtherRAT, a persistent access implant. The attacks are believed to be part of a campaign similar to the North Korea-linked Contagious Interview, which targets individuals in the cryptocurrency sector.
Trendline Trendline
Adobe Addresses Critical Security Flaws with Patches for Nearly 140 Vulnerabilities

Adobe Addresses Critical Security Flaws with Patches for Nearly 140 Vulnerabilities

Adobe Addresses Critical Security Flaws with Patches for Nearly 140 Vulnerabilities
Rapid Read Rapid Read
Log4Shell Vulnerability Persists as 40 Million Downloads Occur in 2025

Log4Shell Vulnerability Persists as 40 Million Downloads Occur in 2025

In 2025, the Log4Shell vulnerability continues to pose a significant threat, with Sonatype reporting that 13% of Log4j versions downloaded this year were susceptible to this critical bug. Despite being a legacy issue, the vulnerability remains prevalent, highlighting ongoing challenges in cybersecurity. The widespread download of vulnerable versions underscores the need for improved security practices and awareness among developers and organizations. This persistent issue reflects broader concerns about the management and updating of software dependencies, which are critical to maintaining secure systems.
Rapid Read Rapid Read
React2Shell Vulnerability Exploited by China-Linked Hackers

React2Shell Vulnerability Exploited by China-Linked Hackers

The React2Shell vulnerability, identified as CVE-2025-55182, is currently being exploited by threat actors linked to Chinese state interests. This critical vulnerability, with a CVSS v3.1 score of 10, affects React Server Components versions 19.0.0 to 19.2.0. Amazon Web Services (AWS) has confirmed that groups such as Earth Lamia and Jackpot Panda are actively exploiting this flaw. These groups are known for targeting sectors like financial services, logistics, and government organizations across various regions. Over 2.15 million internet-facing services are potentially affected, with several proof-of-concept exploits already in circulation. The vulnerability allows for pre-authentication remote code execution, posing a significant threat to affected systems.
Rapid Read Rapid Read
Initial Access Brokers Increase Cyberattacks on Critical Infrastructure, Report Finds

Initial Access Brokers Increase Cyberattacks on Critical Infrastructure, Report Finds

A report by Check Point highlights the growing role of initial access brokers (IABs) in facilitating cyberattacks, including those targeting critical infrastructure. The report notes a significant increase in IAB activity, which allows advanced adversaries to outsource intrusion tasks, making it easier to breach targets. This trend is particularly concerning for sectors like government, healthcare, and transportation, where IAB-assisted attacks have surged. The report calls for enhanced identity security and protection of software supply chains to mitigate these threats.
Rapid Read Rapid Read
North Korean Hackers Exploit React2Shell Vulnerability to Target Cryptocurrency

North Korean Hackers Exploit React2Shell Vulnerability to Target Cryptocurrency

Cybersecurity firm Sysdig has identified that North Korean threat actors are exploiting a vulnerability known as React2Shell, officially tracked as CVE-2025-55182, which affects version 19 of the React open source library. This vulnerability allows for unauthenticated remote code execution and has been used in attacks targeting cryptocurrency and blockchain technologies. The attacks involve the deployment of EtherRAT, a persistent access implant that combines techniques from multiple documented campaigns. The goal of these attacks is to steal cryptocurrency from victims. The React2Shell vulnerability impacts not only React but also related frameworks such as Next.js, Waku, React Router, and RedwoodSDK. Despite React powering millions of applications, the number of vulnerable instances is relatively small, with approximately 70,000 affected systems identified by the Shadowserver Foundation.