Overview
- React disclosed two additional RSC flaws — a high‑severity denial‑of‑service (CVE-2025-55184) and a medium‑severity source code exposure (CVE-2025-55183) — and urged immediate upgrades to backported fixes in 19.0.2, 19.1.3, and 19.2.2.
- Exploitation of the original React2Shell RCE (CVE-2025-55182) is broad, with Palo Alto Networks reporting 50+ victim organizations and Shadowserver tallying over 165,000 IPs and 644,000 vulnerable domains.
- Sysdig identified a new implant, EtherRAT, that uses Ethereum smart contracts with consensus across nine RPC endpoints, rapid polling, self‑updates, and five Linux persistence mechanisms. It overlaps with DPRK ‘Contagious Interview’ tooling, but attribution is not confirmed.
- CISA placed CVE-2025-55182 in its Known Exploited Vulnerabilities catalog and shortened the U.S. federal remediation deadline to Friday, as researchers tracked more than 15 intrusion clusters and a growing mix of state‑linked and criminal actors.
- Huntress observed automated campaigns delivering crypto miners and new Linux malware families including PeerBlight, CowTunnel, and ZinFoq. Hosting‑provider WAF rules remain temporary mitigations and do not replace patching and redeployments.
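
The upgrade guidance in the first bullet, as an added example (not code from React or any vendor named above): a Python check that reads a `package-lock.json` and flags RSC packages that sit below the backported fix for their release line. The package names and the lockfile layout (lockfileVersion 2/3) are assumptions, and the sample lockfile is constructed.

```python
import json
import re

# Backported fix per release line, as listed in the overview above.
FIXED = {(19, 0): 2, (19, 1): 3, (19, 2): 2}

# Assumption: the RSC packages to look for (names are not given on this page).
RSC_PACKAGES = ("react-server-dom-webpack", "react-server-dom-parcel",
                "react-server-dom-turbopack")

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'patched', 'needs-upgrade' or 'unknown' for a version string."""
    m = _VERSION.match(version or "")
    if not m:
        return "unknown"  # prerelease/canary or missing version: review by hand
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # release line not covered by the listed fixes
    return "patched" if patch >= fixed_patch else "needs-upgrade"


def audit_lockfile(text):
    """Scan package-lock.json text for RSC packages, nested copies included."""
    findings = []
    for path, meta in json.loads(text).get("packages", {}).items():
        name = path.rpartition("node_modules/")[2]
        if name in RSC_PACKAGES:
            version = meta.get("version")
            findings.append((path, version, classify(version)))
    return sorted(findings)


# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app"},
    "node_modules/react-server-dom-webpack": {"version": "19.1.2"},
    "node_modules/some-framework/node_modules/react-server-dom-turbopack":
        {"version": "19.2.2"},
    "node_modules/react-server-dom-parcel": {"version": "19.3.0-canary-abc"},
    "node_modules/react": {"version": "19.1.2"},
}})

if __name__ == "__main__":
    for path, version, status in audit_lockfile(SAMPLE_LOCK):
        print(f"{status:14} {str(version):20} {path}")
```

A `needs-upgrade` result means the deployed build has to be rebuilt and redeployed from the fixed version; an `unknown` result needs manual review rather than being read as safe.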