More than 77,000 IP addresses online are at risk from the serious React2Shell remote code execution flaw (CVE-2025-55182). Researchers report that attackers have already breached over 30 organizations in various sectors.
React2Shell is a vulnerability that allows unauthorized remote code execution with just one HTTP request. It affects all frameworks using React Server Components, including Next.js, due to shared deserialization logic.
On December 4, security researcher Maple3142 released a proof-of-concept for remote command execution on unpatched servers. This prompted rapid scanning for the vulnerability, as both attackers and researchers utilized the public exploit with automation.

Over 77,000 vulnerable IP addresses:
The Shadowserver Foundation has found 77,664 IP addresses at risk due to the React2Shell flaw, including about 23,700 in the U.S.
The vulnerable IP addresses were identified using a detection method from Searchlight Cyber/Assetnote, which sends an HTTP request to a server to exploit the flaw and checks the response to confirm that the device is vulnerable.
GreyNoise detected 181 unique IP addresses trying to exploit the flaw in the last 24 hours, mainly from automated traffic. Most scans come from the Netherlands, China, the United States, Hong Kong, and a few other countries.
Palo Alto Networks reports that over 30 organizations have been affected by the React2Shell flaw, with attackers using it to run commands, gather information, and try to steal AWS configuration and credential files.
These compromises include intrusions linked to known state-associated Chinese threat actors.
Companies globally have quickly installed the patch and applied fixes for the serious React flaw.
Yesterday, Cloudflare rolled out emergency measures for the React flaw in its Web Application Firewall (WAF) in response to the serious exploitation of the flaw.
However, the update inadvertently caused an outage affecting numerous websites before the rules were corrected.
CISA added CVE-2025-55182 to the Known Exploited Vulnerabilities catalog, requiring federal agencies to patch it by December 26, 2025, per Binding Operational Directive 22-01.
Organizations using React Server Components or related frameworks should update immediately, rebuild and redeploy their applications, and check logs for PowerShell or shell command activity.
