North Korean hackers exploit maximum severity React2Shell flaw

English

North Korean hackers have begun exploiting a critical vulnerability known as React2Shell in malware attacks. This follows similar actions by Chinese hackers, indicating a growing interest in this security flaw. The issue poses significant risks to affected systems.

A maximum severity vulnerability in React2Shell has come under attack by North Korean hackers, who are using it in malware campaigns. The flaw, rated as critical, allows for severe exploitation that could compromise systems extensively.

According to reports, this development occurs shortly after Chinese actors targeted the same vulnerability, suggesting a pattern of state-sponsored groups capitalizing on high-impact weaknesses. The React2Shell flaw enables attackers to gain unauthorized access, potentially leading to data breaches or further malware deployment.

Security experts emphasize the urgency of patching this vulnerability to mitigate risks from such nation-state threats. No specific details on the scope of attacks or affected targets have been disclosed, but the involvement of North Korean hackers underscores ongoing cybersecurity challenges posed by adversarial nations.

This incident highlights the need for organizations to stay vigilant against evolving tactics from groups linked to North Korea, known for sophisticated cyber operations.

Related Articles

Dramatic server room scene illustrating the SSHStalker Linux botnet infecting thousands of vulnerable servers via SSH exploits.
Image generated by AI

Researchers discover SSHStalker botnet infecting Linux servers

Reported by AI Image generated by AI

Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.

React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

China-nexus groups and cybercriminals ramp up React2Shell exploits

Reported by AI

Building on earlier PeerBlight attacks, Google Threat Intelligence reports exploitation of the React2Shell vulnerability (CVE-2025-55182) by China-nexus clusters and financially motivated actors deploying backdoors and cryptocurrency miners on vulnerable React and Next.js systems.

Technology

US government urged to patch critical Gogs security flaw

Linux

Chinese hackers install backdoors via Cisco email zero-day

Technology

North Korean hackers use AI video to spread malware

Microsoft patches security flaw in Office software

Microsoft has issued an emergency patch for a worrying security flaw in its Office software. The vulnerability could allow hackers to access users' files if not updated promptly. The patch was released to address this critical issue.

Apple fixes zero-day flaws in WebKit for sophisticated attacks

Reported by AI

Apple has addressed two zero-day vulnerabilities in its WebKit engine that were exploited in sophisticated attacks. The company released patches to fix these bugs, enhancing security for users of its devices.

The hacker news publishes weekly threatsday bulletin

The Hacker News has released its latest ThreatsDay Bulletin, focusing on various cybersecurity issues. The bulletin covers topics such as Kali Linux combined with Claude, Chrome crash traps, WinRAR flaws, and activities related to LockBit. It also includes over 15 additional stories on emerging threats.

BeyondTrust RCE flaw enables code execution without login

Reported by AI

A critical remote code execution vulnerability has been discovered in multiple BeyondTrust products. The flaw, rated 9.9 out of 10 in severity, allows hackers to run code on affected systems without needing to log in. The issue was reported on February 10, 2026.

March 13, 2026 18:03

Veeam patches three critical security flaws in backup servers

March 11, 2026 02:47

Dutch intelligence accuses Russia of hacker attacks on WhatsApp and Signal

February 19, 2026 09:18

Experts claim ransomware attacks increasingly target firewalls

February 18, 2026 11:16

Dell zero-day flaw unpatched for nearly two years

February 05, 2026 15:05

Critical flaws discovered in n8n workflow tool

February 04, 2026 19:25

Russian hackers exploit Microsoft Office vulnerability days after patch

December 19, 2025 11:19

Cisco email security products targeted in zero-day campaign

December 10, 2025 15:36

React2Shell flaw exploited for PeerBlight malware on Linux

November 05, 2025 22:25

Russian hackers use Linux VMs to hide malware on Windows

October 29, 2025 11:29

Malicious npm packages steal developer credentials on multiple platforms

 

 

 

This website uses cookies

We use cookies for analytics to improve our site. Read our privacy policy for more information.
Decline