Particle.news

React2Shell Attacks Top 50 Confirmed Victims as EtherRAT Surfaces and CISA Accelerates Patching

Researchers now see automated exploitation across a vast exposed footprint, with novel malware families and uncertain DPRK ties.

Overview

  • CISA shortened the federal deadline to patch CVE-2025-55182 to Friday after listing it in its KEV catalog as actively exploited.
  • Palo Alto Networks Unit 42 reports more than 50 affected organizations across the United States, Asia, South America and the Middle East.
  • Shadowserver found over 165,000 IPs and 644,000 domains running vulnerable code, with the largest concentration in the U.S.
  • Sysdig detailed EtherRAT, delivered via React2Shell, which uses Ethereum smart contracts with consensus across nine RPC endpoints, five Linux persistence methods and a self-update mechanism; Sysdig noted overlaps with Contagious Interview tooling but made no firm attribution.
  • Huntress observed automated campaigns dropping cryptominers and new malware including PeerBlight, CowTunnel and ZinFoq, prompting guidance to update frameworks, redeploy clean builds and rotate secrets, since WAF filters provide only temporary relief.