• The Cyber Express

A large-scale cyber espionage operation known as Operation PCPcat has shaken the modern web infrastructure, compromising more than 59,000 servers in just 48 hours. The campaign targets systems built o ... Read more

• CybersecurityNews

A massive credential-theft campaign dubbed PCPcat compromised 59,128 Next.js servers in under 48 hours. The operation exploits critical vulnerabilities CVE-2025-29927 and CVE-2025-66478, achieving a 6 ... Read more

• Daily CyberSecurity

A highly automated and ruthlessly efficient cyber-espionage campaign is tearing through the cloud infrastructure of modern web applications, leaving tens of thousands of compromised servers in its wak ... Read more

• CybersecurityNews

In a week that revealed the flaws in digital trust, cybersecurity headlines were filled with high-profile breaches, zero-day exploits, and bold nation-state espionage. Attackers claimed to have swiped ... Read more

• AttackIQ

Vulnerability Overview React2Shell (CVE-2025-55182) is a critical (CVSS 10.0) pre-authentication Remote Code Execution (RCE) vulnerability affecting the react-server package used by React Server Compo ... Read more

• The Hacker News

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT ... Read more

• CybersecurityNews

A new malware campaign called PCPcat has successfully compromised more than 59,000 servers in under 48 hours through targeted exploitation of critical vulnerabilities in Next.js and React frameworks. ... Read more

• BleepingComputer

​Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. Tracked as C ... Read more

• The Register

If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Se ... Read more

• Google Cloud

Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticated remote code execution (RCE) vulnerability ... Read more

• The Register

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters rangi ... Read more

• Daily CyberSecurity

A critical security flaw in the popular React web framework has ignited a wave of cyberattacks, with state-sponsored actors and cybercriminals rushing to exploit the vulnerability before organizations ... Read more

• CybersecurityNews

PortSwigger has enhanced Burp Suite’s scanning arsenal with the latest update to its ActiveScan++ extension, introducing detection for the critical React2Shell vulnerabilities (CVE-2025-55182 and CVE- ... Read more

• Huntress

TL;DR: Huntress is seeing threat actors exploit a vulnerability in React Server Components (CVE-2025-55182) across several organizations in our customer base. Attackers have attempted to deploy crypto ... Read more

• CybersecurityNews

A dedicated command-line tool, fix-react2shell-next, to help developers immediately detect and patch the critical “React2Shell” vulnerability (CVE-2025-66478). This new scanner offers a one-line solut ... Read more

• nextron-systems.com

Over the past days, many of our customers have seen reports about a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) and the related Next.js vulnerability (CVE- ... Read more

• SentinelOne

A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attac ... Read more

• SentinelOne

A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attac ... Read more

• SentinelOne

The Good | Authorities Jail WiFi Hacker, Seize €1.3B Crypto Mixer & Charge Two Malicious Insiders An Australian national has received just over seven years in prison for running “evil twin” WiFi netwo ... Read more

• SentinelOne

The Good | Authorities Jail WiFi Hacker, Seize €1.3B Crypto Mixer & Charge Two Malicious Insiders An Australian national has received just over seven years in prison for running “evil twin” WiFi netwo ... Read more