React2Shell-utnyttjanden fortsätter med storskaliga Linux-bakdörrsimplantationer och stöld av molnuppgifter

Svenska

Det pågående utnyttjandet av React2Shell-sårbarheten (CVE-2025-55182)—tidigare beskrivet i rapportering om China-nexus- och cyberbrottskampanjer—innefattar nu utbredda Linux-bakdörrsinstallationer, godtycklig kommandokörning och storskalig stöld av molnuppgifter.

Efter tidigare rapporter om PeerBlight och efterföljande attacker från grupper som UNC6600, UNC6586, UNC6588, UNC6603 samt finansiellt motiverade aktörer som distribuerar skadlig kod som MINOCAT, SNOWLIGHT, HISONIC, COMPOOD, ANGRYREBEL.LINUX och XMRig-gruvor bekräftar cybersäkerhetsforskare aktiv, storskalig utnyttjande av React2Shell (CVE-2025-55182).

Attackörer fortsätter att utnyttja denna kritiska RCE-brist (CVSS 10.0, påverkar React 19.0–19.2.0) för att installera bakdörrar på Linux-system, köra godtyckliga kommandon och rikta in molnuppgifter för stöld.

Trots att patchar finns tillgängliga (React 19.0.1, 19.1.2, 19.2.1+), understryker de ihållande hoten behovet av att administratörer tillämpar åtgärder som Cloud Armor WAF, övervakar IOC från tidigare rapportering och säkrar React/Next.js-applikationer mitt i mjukvaruleveranskedjerisker.

Relaterade artiklar

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
Bild genererad av AI

Linux CopyFail exploit threatens root access amid Ubuntu outage

Rapporterad av AI Bild genererad av AI

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

Single errant character triggers high-severity Linux vulnerability

Researchers have identified a high-severity flaw in the Linux kernel that can allow untrusted users to gain root access. The issue stems from one incorrect character in the code.

US government issues urgent CopyFail warning as Linux patches roll out

Rapporterad av AI

Four days after the CopyFail (CVE-2026-31431) exploit disclosure disrupted Ubuntu services, the US government warned of its critical risks to Linux systems, urging immediate patching amid public exploit code.

ShinyHunters exploits critical PeopleSoft zero-day vulnerability

A ransomware group known as ShinyHunters exploited a critical zero-day flaw in Oracle’s PeopleSoft software to target about 100 organizations. The attackers stole gigabytes of data from victims, including the University of Nottingham, and issued extortion demands. Oracle has released a mitigation but not a full patch.

OpenClaw patches severe vulnerability granting admin access

Rapporterad av AI

Developers of the popular AI tool OpenClaw released patches for three high-severity vulnerabilities, including one that allowed attackers with basic pairing privileges to silently gain full administrative control. The flaw, tracked as CVE-2026-33579 and rated up to 9.8 out of 10 in severity, has raised alarms among security experts. Thousands of exposed instances may have been compromised unknowingly.

9 juni 2026 04:36

Single character triggers high-severity Linux kernel vulnerability

8 juni 2026 12:50

Microsoft packages hit with credential-stealing malware for second time

23 maj 2026 01:36

Linux kernel flaw lets unprivileged users gain root access

9 maj 2026 20:17

New dirty frag exploit grants root access on linux systems

22 april 2026 09:46

Microsoft patches critical ASP.NET Core vulnerability on macOS and Linux

Denna webbplats använder cookies

Vi använder cookies för analys för att förbättra vår webbplats. Läs vår integritetspolicy för mer information.
Avböj