React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

Dansk

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

Following earlier reports on PeerBlight and subsequent attacks by groups like UNC6600, UNC6586, UNC6588, UNC6603, and financially motivated actors deploying malware such as MINOCAT, SNOWLIGHT, HISONIC, COMPOOD, ANGRYREBEL.LINUX, and XMRig miners, cybersecurity researchers confirm active, large-scale exploitation of React2Shell (CVE-2025-55182).

Attackers continue leveraging this critical RCE flaw (CVSS 10.0, affecting React 19.0–19.2.0) to install backdoors on Linux systems, execute arbitrary commands, and target cloud credentials for theft.

While patches are available (React 19.0.1, 19.1.2, 19.2.1+), the persistent threats underscore the need for administrators to apply mitigations like Cloud Armor WAF, monitor IOCs from prior coverage, and secure React/Next.js applications amid software supply chain risks.

Relaterede artikler

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
Billede genereret af AI

Linux CopyFail exploit threatens root access amid Ubuntu outage

Rapporteret af AI Billede genereret af AI

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

Researchers discover SSHStalker botnet infecting Linux servers

Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.

US government issues urgent CopyFail warning as Linux patches roll out

Rapporteret af AI

Four days after the CopyFail (CVE-2026-31431) exploit disclosure disrupted Ubuntu services, the US government warned of its critical risks to Linux systems, urging immediate patching amid public exploit code.

Teknologi

Veeam patches three critical security flaws in backup servers

Linux

Researchers uncover new SysUpdate malware variant targeting Linux

Teknologi

OpenClaw patches severe vulnerability granting admin access

New SysUpdate malware variant targets Linux systems

A new variant of the SysUpdate malware has been discovered targeting Linux systems, featuring advanced encryption for command-and-control communications. Security researchers at LevelBlue identified the threat during a digital forensics engagement and developed a tool to decrypt its traffic. The malware disguises itself as a legitimate system service to evade detection.

Red Hat directs users to security page for CopyFail vulnerability

Rapporteret af AI

Red Hat has provided an official link to information on the CopyFail vulnerability, known as CVE-2026-31431. The security page details a fix for the local privilege escalation issue and specifies affected versions. This follows a user inquiry urging faster publication of a patch.

lørdag d. 9. maj 2026, 20.17

New dirty frag exploit grants root access on linux systems

onsdag d. 22. april 2026, 09.46

Microsoft patches critical ASP.NET Core vulnerability on macOS and Linux

mandag d. 23. februar 2026, 08.01

Malicious npm packages harvest crypto keys and secrets

onsdag d. 18. februar 2026, 11.16

Dell zero-day flaw unpatched for nearly two years

lørdag d. 14. februar 2026, 06.39

SSHStalker botnet uses IRC to target Linux servers

Dette websted bruger cookies

Vi bruger cookies til analyse for at forbedre vores side. Læs vores privatlivspolitik for mere information.
Afvis