#cve202555182 hashtag - Bluesky

Kubernetes Cloud Threats

5 days ago

~Paloalto~
Actors exploit K8s flaws & React2Shell to steal tokens and escalate cloud privileges.
-
IOCs: 104. 238. 149. 198, 45. 76. 155. 14, 23. 235. 188. 3
-
#CVE202555182 #Kubernetes #ThreatIntel

0 0 0 0

UAT-10608 Exploits React2Shell

1 week ago

~Talos~
UAT-10608 exploits React2Shell (CVE-2025-55182) in Next.js apps to deploy NEXUS Listener for mass credential theft.
-
IOCs: 144. 172. 102. 88, 172. 86. 127. 128, 144. 172. 112. 136
-
#CVE202555182 #Malware #ThreatIntel

0 0 0 0

Hexxed BitHeadz

@hexxedbitheadz.bsky.social

3 months ago

React2Shell (CVE-2025-55182) – Hexxed BitHeadz

This month's project, we threw React2Shell (CVE-2025-55182) in our GOAD instance and then executed Sliver C2 payload using Early Bird technique!

Part 1 out now.

hexxedbitheadz.com/react2shell-...

#React2Shell #CVE202555182 #GOAD #ActiveDirectory #Cybersecurity #Hacking

0 0 0 0

CyberTaters

@potato.software

3 months ago

Was sich hinter der hochbrisanten und noch aktiven Schwachstelle React2Shell verbirgt

@CheckPointSW #CVE202555182 #Potatosecurity #Potatosicherheit #React2Shell #Schwachstelle #Sicherheitslücke #WebApplicationFirewall

0 0 0 0

Ralf Ladner

@ralf-ladner.bsky.social

3 months ago

Was sich hinter der hochbrisanten und noch aktiven Schwachstelle React2Shell verbirgt Anfang Dezember 2025 gab das Team hinter „React“ – der am weitesten verbreiteten Technologie für heutige Websites und digitale Dienste – eine kritische

Was sich hinter der hochbrisanten und noch aktiven Schwachstelle React2Shell verbirgt

@CheckPointSW #CVE202555182 #Cybersecurity #Cybersicherheit #React2Shell #Schwachstelle #Sicherheitslücke #WebApplicationFirewall

1 0 0 0

CyberTaters

@potato.software

3 months ago

#React2Shell exploitation spreads as #Microsoft counts hundreds of mashed machines
www.theregister.com/2025/12/18/r...

Says attackers have already compromised "several hundred machines across a diverse set of organizations".
#PotatoSecurity #INfoSec #Vulnerability #CVE202555182 #ThreatIntelligence

0 0 0 0

LaneSystems

@lanesystems.bsky.social

3 months ago

#React2Shell exploitation spreads as #Microsoft counts hundreds of hacked machines
www.theregister.com/2025/12/18/r...

Says attackers have already compromised "several hundred machines across a diverse set of organizations".
#CyberSecurity #INfoSec #Vulnerability #CVE202555182 #ThreatIntelligence

0 0 0 0

@greynoise.infosec.exchange.ap.brid.gy

3 months ago

Update: Analyzing React2Shell payloads. Full breakdown from @hrbrmstr 👉 www.greynoise.io/blog/react2shell-payload...

#React2Shell #Nextjs #CVE202555182

2 0 0 0

React2Shell Payload Analysis: A Look at Selected Opportunistic and Possibly AI- Over the past ~1.5 weeks, the React2Shell campaign has unleashed a flood of exploitation attempts targeting vulnerable React Server Components. Analyzing the payload size distribution across these att...

@greynoise.io

3 months ago

Update: Analyzing React2Shell payloads. Full breakdown from @hrbrmstr.dev 👇
#React2Shell #Nextjs #CVE202555182

5 3 0 0

React2Shell RCE (CVE-2025-55182)

3 months ago

~Microsoft~
Critical pre-auth RCE in React Server Components is actively exploited to deploy coin miners and RATs; patch immediately.
-
IOCs: 194. 69. 203. 32, 162. 215. 170. 26, 216. 158. 232. 43
-
#CVE202555182 #RCE #React #ThreatIntel

0 0 0 0

CrowdSec

@crowdsec.bsky.social

3 months ago

🚨 In this week’s newsletter, we revisit React2Shell (CVE-2025-55182) as exploitation surged from hundreds to over 10K daily attackers.

Read the full analysis and protect your systems 👉 www.crowdsec.net/vulntracking...

#React2Shell #CVE202555182 #threatalert #cybersecurity

0 0 0 0

The Daily Tech Feed

@thedailytechfeed.com

3 months ago

Critical Alert: React2Shell (CVE-2025-55182) is under active exploitation by state-sponsored actors. Immediate patching required to prevent unauthenticated RCE. #CyberSecurity #React2Shell #CVE202555182 Link: thedailytechfeed.com/react2shell-...

0 0 0 0

Threat Actors Exploit React2Shell CVE-2025-55182

3 months ago

~Mandiant~
Multiple threat actors are exploiting the critical React2Shell RCE to deploy backdoors, tunnelers, and cryptominers.
-
IOCs: reactcdn. windowserrorapis. com, 82. 163. 22. 139, 45. 76. 155. 14
-
#CVE202555182 #React #ThreatIntel

0 0 0 0

CyberTaters

@potato.software

4 months ago

Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).

#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Potatosecurity

1 0 0 0

@greynoise.infosec.exchange.ap.brid.gy

4 months ago

Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).

#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity

1 2 0 0

@greynoise.io

4 months ago

Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).

#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity

8 4 0 1

Chinese Hackers & the React2Shell Crisis Chinese Hackers & the React2Shell Crisis This week, we dive deep into the critical, maximum-severity security flaw known as React2Shell (tracked as CVE-2025-55182). This vulnerability, which impacts React, the widely-used open-source JavaScript library, allows for unauthenticated remote code execution (RCE) through specially crafted HTTP requests on affected servers. The episode explores the immediate aftermath of the disclosure. Exploitation attempts began quickly, with Amazon Web Services (AWS) reporting that multiple China-linked threat groups, specifically Earth Lamia and Jackpot Panda, were exploiting the flaw within hours of its public availability. These actors are using both automated tools and individual exploits, and some are even actively debugging and refining their techniques against live targets. Earth Lamia has been active since at least 2023, targeting various industries in Latin America, the Middle East, and Southeast Asia, while Jackpot Panda focuses on cyberespionage operations in Asia. We also discuss the significant collateral damage caused by the urgent need to patch this flaw. Internet infrastructure giant Cloudflare experienced a widespread global outage, returning "500 Internal Server Error" messages worldwide, and attributed the incident to an emergency patch deployed to mitigate the industry-wide React2Shell vulnerability. This change was related to how Cloudflare’s Web Application Firewall parsed requests. Finally, we clarify the scope of the vulnerability: React2Shell primarily impacts server-side components. Specifically, it affects React versions 19.0, 19.1.0, 19.1.1, and 19.2.0, particularly instances using a relatively new server feature. Standard React Native mobile apps are generally safe, but any backend built using Next.js (App Router) or React 19 Server Components that communicates with the mobile app is at critical risk. Furthermore, developers need to be aware of a separate, but timely, vulnerability (CVE-2025-11953) affecting the local React Native CLI development server. Key Concepts and Takeaways - Vulnerability: React2Shell, CVE-2025-55182, is a critical vulnerability allowing unauthenticated remote code execution on affected servers. - Scope: Impacts the React open-source JavaScript library, particularly React version 19 and dependent React frameworks such as Next.js (App Router). Cloud security giant Wiz reported that 39% of cloud environments contain vulnerable React instances. - Threat Actors: Exploitation is linked to China-linked threat groups, including Earth Lamia and Jackpot Panda. - Major Impact: An emergency mitigation patch designed to address React2Shell caused a widespread global outage at Cloudflare. - Fix: Patches were available shortly after disclosure, reported to Meta on November 29 and patched on December 3. Users must upgrade affected dependencies like react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack to version 19.0.1 or higher. Resources and Links - SecurityWeek (Source Context): (Note: Specific articles discussed are embedded within the episode content.) - Expo Changelog: For specific SDK patch instructions. - Sponsor Link: Protecting mobile app integrity against security threats is vital: https://approov.io/podcast Keywords (Optimized for SEO) React2Shell, , Remote Code Execution (RCE), China-linked hackers, Earth Lamia, Jackpot Panda, React Server Components (RSC), Next.js vulnerability, React 19 security, web security, patch management, cyber espionage, critical vulnerability, application security

@greynoise.io

4 months ago

Graphic summarizing five React2Shell attacker profiles: Mass Scanners, VPN/Proxy Users, Cryptomining Operators, Malware Distribution Infrastructure, and Reconnaissance Specialists. Each group shows distinct characteristics, JA4+ signatures, and assessments ranging from benign scanning to organized cybercrime activity. GreyNoise notes customers receive full signatures in their intelligence brief.

👀 React2Shell attacker profiles fresh from GreyNoise telemetry: info.greynoise.io/hubfs/PDFs-S..., don't miss the latest contribution from GreyNoise Labs on React2Shell: www.labs.greynoise.io/grimoire/202...

#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise

10 6 0 1

The Daily Tech Feed

@thedailytechfeed.com

4 months ago

Critical Alert: React2Shell (CVE-2025-55182) vulnerability under active exploitation. Immediate patching required to prevent unauthenticated RCE. #CyberSecurity #React2Shell #CVE202555182 Link: thedailytechfeed.com/critical-rea...

0 0 0 0

Approov Mobile Security

@approov.bsky.social

4 months ago

📣 New Podcast! "Chinese Hackers & the React2Shell Crisis" on @Spreaker #cve_2025_55182 #cve202555182 #cybersecurity #earthlamia #jackpotpanda #nextjs #react2shell #upwardlymobile #websecurity

2 0 0 0

React2Shell RCE Vulnerability

4 months ago

~Zscaler~
A critical RCE vulnerability (CVE-2025-55182, CVSS 10.0) in React Server Components allows unauthenticated code execution.
-
IOCs: CVE-2025-55182
-
#CVE202555182 #RCE #React2Shell #ThreatIntel

0 0 0 0

Intel Night OWL 🦉🇺🇸

@intelnightowl.bsky.social

4 months ago

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromise...

#React2Shell flaw #exploited to breach 30 orgs, 77k IP addresses vulnerable #CVE202555182

www.bleepingcomputer.com/news/securit...

4 1 0 0

Critical RCE in React Server Components

4 months ago

~Trendmicro~
A critical pre-auth RCE (CVSS 10.0) vulnerability, CVE-2025-55182, affects React Server Components and frameworks like Next.js; patch immediately.
-
IOCs: CVE-2025-55182
-
#CVE202555182 #ReactJS #ThreatIntel

1 0 0 0

CISA Adds Meta React RCE to KEV Catalog

4 months ago

~Cisa~
CISA warns CVE-2025-55182, a Meta React Server Components RCE vulnerability, is being actively exploited.
-
IOCs: CVE-2025-55182
-
#CVE202555182 #RCE #ThreatIntel

0 0 0 0