Dark Reading

Attackers Use New Tool to Scan for React2Shell Exposure

New data suggests a cyber espionage group is laying the groundwork for attacks against major industries. The "React2Shell" vulnerability is already almost a few months old, but it's far from over. An ...
IEEE

Real-Time Disaster Relief Platform using MongoDB, Express.js, React.js, Node.js, and Geospatial Mapping

Abstract: Disaster relief missions are usually hampered by disconnected communication, poor real-time awareness, and resource coordination inefficiencies. This paper introduces a Disaster Relief ...
Dark Reading

RondoDox Botnet Expands Scope With React2Shell Exploitation

The threat actors behind the RondoDox botnet are among the latest attackers to take advantage of the React2Shell flaw, weaponizing the vulnerability as an initial access vector to deploy other ...
bitnewsbot

RondoDox Botnet Exploits React2Shell to Widen IoT Infections

Cybersecurity teams disclosed a nine-month campaign that recruited Internet of Things devices and web applications into the RondoDox botnet through late 2025. The activity used the critical ...
CSOonline

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Attackers initially exploited ...
Bleeping Computer

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. Tracked as CVE ...
Morningstar

PacketWatch 24/7 Cyber Incident Response Team Helps Organizations Recover From React2Shell Exploitations

PHOENIX, Dec. 12, 2025 /PRNewswire/ -- As organizations struggle to understand the impact of the React2Shell vulnerability, PacketWatch threat hunters have published a blog article, "Responding to ...
The Hacker News

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
SecurityWeek

Wide Range of Malware Delivered in React2Shell Attacks

Cybersecurity companies have been seeing a wide range of malware being delivered in attacks exploiting the critical React vulnerability dubbed React2Shell. A researcher discovered recently that React, ...
The Record

Federal agencies now only have one more day to patch React2Shell bug

The amount of time federal agencies have to patch the recent React2Shell vulnerability has decreased significantly. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-55182 — a ...
Infosecurity-magazine.com

React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Security researchers at Sysdig have observed new campaigns exploiting React2Shell which appear to have the hallmarks of North Korean hackers. React2Shell is a remote code execution vulnerability in ...