RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

Forensic lab in Meriden analyzed shell casings in Brown University investigation

A forensic lab in Connecticut played a key role in the investigation into the Brown University shooting. Claudio Manuel Neves ...
Hackaday

This Week In Security: PostHog, Project Zero Refresh, And Thanks For All The Fish

There’s something immensely satisfying about taking a series of low impact CVEs, and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
Computer Weekly

ClickFix attacks that bypass cyber controls on the rise

So-called ClickFix or ClearFake attacks that bypass security controls and use unwitting victims to execute a cyber attack of their own accord are surging at the end of 2025, even outpacing phishing or ...
The Record

Conti ransomware group adopts Log4Shell exploit

The Conti gang has become the first professional ransomware operation to adopt and incorporate the Log4Shell vulnerability in their daily operations. Scans and attacks began as early as Monday, ...

Iconic Open venue detonates WWII artillery shell found beneath course in wildest golf video of the year

On Monday, Royal Liverpool Golf Club—better known as Hoylake—released this video of a literal bomb going off beside one of ...

Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware

Cybercriminals are exploiting demand for pirated movies by disguising malware as a fake torrent of “One Battle After Another,” a new Leonardo DiCaprio film, tricking Windows users into infecting their ...
healthcareinfosecurity.com

Nation-State and Cybercrime Exploits Tied to React2Shell

Mass exploitation of the React2Shell vulnerability is underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals, experts warn. See Also: Top ...

Fake Windows update pushes malware in new ClickFix attack

The ClickFix campaign disguises malware as legitimate Windows updates, using steganography to hide shellcode in PNG files and bypass security detection systems.
Dark Reading

React2Shell Exploits Flood the Internet as Attacks Continue

A torrent of proof-of-concept (PoC) exploits for React2Shell has hit the internet following the vulnerability's disclosure last week, and while security researchers say most are fake, ineffective and ...
bankinfosecurity

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. A security ...