React2Shell flaw (CVE-2025-55182) exploited for remote code execution
The availability of exploit code will likely lead to more widespread opportunistic attacks
Tags: Threat Research, Featured, vulnerability, react2shell
Similar Posts
KR: Lotte Card hack exposes data of 3 million users
Bys sChoi Ji-won reports: Lotte Card said a hacking attack compromised the personal data of 2.97 million users, marking the biggest data breach this year. CEO Cho Jwa-jin on Thursday disclosed the findings of a probe by the Financial Supervisory Service and Financial Security Institute, in the first public announcement since regulators began investigating on Sept…….
From Tabletop to Turnkey: Building Cyber Resilience in Financial Services
Bys sIntroduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI…
Hacking group Anonymous targets Russia, releases Trump files
Bys sThe Express Tribune reports: Hacking group Anonymous has claimed responsibility for a large-scale cyberattack on Russian networks, releasing what it says is 10 terabytes of leaked data containing sensitive information on political figures, state-affiliated businesses, Kremlin assets abroad, and even files allegedly linked to US President Donald Trump. The data was released on 15 April…
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
Bys sThe North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code “tasks.json” to distribute malware is a relatively new tactic adopted by the threat actor since…
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
Bys sAn Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning – a tactic often used to…
SEC to Notify Crypto Businesses of Technical Violations Before Taking Action: Report
Bys sWayne Jones reports: A report by the Financial Times revealed that the Securities and Exchange Commission (SEC) plans to issue crypto firms notices of technical violations before taking action. The move is a shift away from the aggressive enforcement approach that was pursued under former President Joe Biden. Trump-appointed SEC Chair Paul Atkins told the Financial Times……