React2Shell flaw (CVE-2025-55182) exploited for remote code execution
The availability of exploit code will likely lead to more widespread opportunistic attacks
Similar Posts
Texas Man Convicted of Sabotaging his Employer’s Computer Systems and Deleting Data
Bys sThere’s an update to an indictment announced by the DOJ in April 2021. In today’s reminder of the insider threat, DOJ announced: A federal jury in Cleveland convicted a Texas man today for writing and deploying malicious code on his former employer’s network. According to court documents and evidence presented at trial, Davis Lu, 55,…
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Bys sIvanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern absolute path traversal flaws…
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
Bys sIndia’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user’s mobile number. To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, and Signal that use an Indian mobile number for uniquely…
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
Bys sA malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. “The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation,” the AhnLab SEcurity Intelligence…
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Bys sFrom: CISA Date: April 7, 2026 Alert Code: AA26-097A Executive Summary: Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project……
Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments
Bys sAttackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments. The post Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments appeared first on SecurityWeek.