December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...
December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
Following the critical vulnerability CVE-2025-55182 in React Server Components, researchers have found three new leaks. Two enable denial of service, while the third leaks source code. The React team ...
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Millions of web applications face immediate risk following the disclosure of a catastrophic flaw in the React Server Components (RSC) architecture. Identified as CVE-2025-55182, the vulnerability ...
Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback