Overview
Statistics
- 17 Posts
- 14 Interactions
Fediverse
Missed this yesterday - Google TIG published what they've been seeing on React2Shell.
Dovetails with @hrbrmstr 's tireless work lately.
VulnCheck analyzed several hundred #React2Shell CVE-2025-55182 exploits so you don't have to!
Amid all the slop (and there's so, so much slop) were some interesting finds that understandably escaped attention, including an early in-memory webshell variant, a PoC with logic that loads the Godzilla webshell, and a repo that deploys a lightweight WAF to block React2Shell payloads entirely (!)
@albinolobster wrote about exploit characteristics in aggregate and broke out the cooler examples here:
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
Torrance, United States / California, 12th December 2025, CyberNewsWire
React2Shell exploitation now enables persistent access via EtherRAT’s blockchain-based C2.
https://www.technadu.com/react2shell-exploitation-evolves-into-persistent-access-threat/615626/
• Unauthenticated RCE via CVE-2025-55182
• EtherRAT instructions hidden inside Ethereum smart contracts
• Gov + cloud + critical-infrastructure orgs selectively targeted
• Unique per-host payloads hinder signature detection
• Monitor Node.js anomalies + Ethereum RPC activity
#React2Shell #CVE202555182 #EtherRAT #CyberSecurity #ThreatIntel #NextJS #AppSec
Statistics
- 12 Posts
- 43 Interactions
Fediverse
I see that Brendan Eich from Brave is out lying about @Vivaldi again. He claims that Brave was pretty much the first out with a fix for CVE-2025-14174 and that Vivaldi still has not released a fix.
AFAIK we were actually first because we released 7.7.3862.88 (Android) based on 142.0.7444.237 from the Extended Support Release branch at 13:00 UTC (and for Desktop [7.7.3851.61] one hour later) on the 10th of December (the day before Brave and even before Chrome), which includes a fix for CVE-2025-14174. However since that CVE was not being publicly discussed yet, it was not initially listed in the changelog.
I have updated the Desktop announcement to mention the CVE now. Here it is:
https://vivaldi.com/blog/desktop/minor-update-five-7-7/
Also FWIW my Masto bot which tracks various desktop browser updates announced us here:
https://social.vivaldi.net/@browserversiontracker/115695393613130159
That bot has a sibling that looks at Vivaldi only releases (all platforms), which caught the Android release:
https://social.vivaldi.net/@vivaldiversiontracker/115695161453809439
And here is when it detected the Brave announcement, more than a day later:
https://social.vivaldi.net/@browserversiontracker/115702471419843978
📣 EMERGENCY UPDATES 📣
Apple pushed additional updates for 2 zero-days that may have been actively exploited.
🐛 CVE-2025-14174 (WebKit) additional patches,
🐛 CVE-2025-43529 (WebKit) additional patches:
- Safari 26.2
Two EITW 0days patched in iOS WebKit. The advisory says the exploits were against pre-iOS 26 but they have patches for 26 as well. And some other ones to go with those.
https://support.apple.com/en-us/125884
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-43529 was also issued in response to this report.
[VULN] "Security: Apple closes two 'zero-day' flaws with iOS 26.2 and macOS 26.2"
"The first (CVE-2025-43529) concerns WebKit, Safari's rendering engine. It is a use-after-free flaw that allows arbitrary code execution simply by processing malicious web content. The second (CVE-2025-14174) is a memory corruption identified not only by Apple's teams but also by Google's Threat Analysis Group.
Interestingly, Google also had to urgently patch Chrome last Wednesday for a similar flaw..."
👇
https://www.macg.co/ios/2025/12/securite-apple-comble-deux-failles-zero-day-avec-ios-262-et-macos-262-305619
⬇️
https://cve.circl.lu/vuln/CVE-2025-14174
🚨 Two more vulnerabilities have been added to the CISA KEV Catalog
CVE-2018-4063: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type
CVSS: 8.8
CVE-2025-14174: Google Chromium Out of Bounds Memory Access
CVSS: 8.8
Apple patches two critical 0-day bugs in iOS, presumably abused by spyware
Following the discovery of two extremely critical zero-day vulnerabilities in the WebKit browser engine, Apple has urgently released security updates for iPhone and iPad users.
Both vulnerabilities reside in WebKit, the engine that powers Safari and renders web content across the iOS ecosystem.
Catalogued as CVE-2025-43529 and CVE-2025-14174, they allow attackers to trigger malicious code by tricking the victim into visiting a specific web page.
To trigger the exploit, an attacker does not need physical access to the device; it is enough that maliciously crafted web content is processed, for example a compromised website or a malicious advertisement.
Apple's advisory states: "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26."
This wording is usually reserved for state-sponsored mercenary spyware campaigns, in which high-value targets such as journalists, diplomats and dissidents are singled out.
The two flaws exploit different weaknesses in how the browser manages memory:
CVE-2025-43529 (Use-After-Free): discovered by the Google Threat Analysis Group (TAG), this vulnerability involves a "use-after-free" error. In plain terms, the program tries to use memory after it has been freed, allowing attackers to manipulate it to execute arbitrary code. Apple fixed this issue with improved memory management (WebKit Bugzilla: 302502).
CVE-2025-14174 (Memory corruption): attributed to both Apple and Google TAG, this issue allows memory corruption, a condition that can crash a system or open a backdoor for attackers. It was fixed with improved input validation (WebKit Bugzilla: 303614).
The article Apple patches two critical 0-day bugs in iOS, presumably abused by spyware comes from Red Hot Cyber.
Overview
- Meta
- react-server-dom-webpack
Statistics
- 6 Posts
- 17 Interactions
Fediverse
Happy patch your React Server Components again Friday to all who celebrate. The patch for CVE-2025-55184 was incomplete and still leaves systems vulnerable to DoS.
https://www.facebook.com/security/advisories/cve-2025-67779
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.
Cloudforce One sees active exploitation of React2Shell, with actors targeting critical infrastructure—including nuclear fuel and uranium operations. Probing is concentrated in Taiwan, Xinjiang, Vietnam, Japan, and New Zealand.
React also disclosed two new vulnerabilities (CVE-2025-55183 and CVE-2025-55184). Cloudflare customers are protected against all three flaws.
Read the full threat brief: https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-exploitation-threat-brief/
Overview
- Microsoft
- Windows 10 Version 1809
Description
Statistics
- 2 Posts
- 5 Interactions
Fediverse
PowerShell 5.1 now shows warnings when scripts use Invoke-WebRequest to fetch web content, aiming to limit silent script execution risks tied to CVE-2025-54100. ⚠️
Admins are urged to switch to -UseBasicParsing to avoid unintended code parsing and prevent automation hang-ups. 🛡️
#TechNews #Cybersecurity #Windows #PowerShell #Security #Privacy #InfoSec #Patch #Update #Automation #IT #DevOps #Risk #Technology #Development #Shell #Script #CVE #Vulnerability
Overview
Statistics
- 2 Posts
- 1 Interaction
Fediverse
🔔 CRITICAL: Plesk 18.0 (CVE-2025-66430) suffers from incorrect access control, risking unauthorized admin actions. No exploit yet, but review roles, restrict access, and monitor logs ASAP. Patch pending. https://radar.offseq.com/threat/cve-2025-66430-na-91279388 #OffSeq #Plesk #Vuln #AccessControl
Overview
- Gladinet
- CentreStack and TrioFox
Statistics
- 2 Posts
Fediverse
🔎 HIGH severity: CVE-2025-14611 in Gladinet CentreStack & TrioFox (<16.12.10420.56791) — hardcoded AES weakens crypto & enables unauth LFI. Restrict public access, monitor for LFI attempts, prep for patch. https://radar.offseq.com/threat/cve-2025-14611-vulnerability-in-gladinet-centresta-e4cb3dcd #OffSeq #Vulnerability #InfoSec
Overview
- Meta
- react-server-dom-parcel
Statistics
- 2 Posts
- 14 Interactions
Fediverse