North Korean hackers exploit maximum severity React2Shell flaw

North Korean hackers have begun exploiting a critical vulnerability known as React2Shell in malware attacks. This follows similar actions by Chinese hackers, indicating a growing interest in this security flaw. The issue poses significant risks to affected systems.

The maximum severity React2Shell vulnerability has come under attack by North Korean hackers, who are using it in malware campaigns. Rated critical, the flaw allows severe exploitation that could compromise systems extensively.

According to reports, this development occurs shortly after Chinese actors targeted the same vulnerability, suggesting a pattern of state-sponsored groups capitalizing on high-impact weaknesses. The React2Shell flaw enables attackers to gain unauthorized access, potentially leading to data breaches or further malware deployment.

Security experts emphasize the urgency of patching this vulnerability to mitigate risks from such nation-state threats. No specific details on the scope of attacks or affected targets have been disclosed, but the involvement of North Korean hackers underscores ongoing cybersecurity challenges posed by adversarial nations.

This incident highlights the need for organizations to stay vigilant against evolving tactics from groups linked to North Korea, known for sophisticated cyber operations.

Related articles

Researchers discover SSHStalker botnet infecting Linux servers

Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

Building on earlier PeerBlight attacks, Google Threat Intelligence reports exploitation of the React2Shell vulnerability (CVE-2025-55182) by China-nexus clusters and financially motivated actors deploying backdoors and cryptocurrency miners on vulnerable React and Next.js systems.

Microsoft has issued an emergency patch for a worrying security flaw in its Office software. The vulnerability could allow hackers to access users' files if not updated promptly. The patch was released to address this critical issue.

Apple has addressed two zero-day vulnerabilities in its WebKit engine that were exploited in sophisticated attacks. The company released patches to fix these bugs, enhancing security for users of its devices.

The Hacker News has released its latest ThreatsDay Bulletin, focusing on various cybersecurity issues. The bulletin covers topics such as Kali Linux combined with Claude, Chrome crash traps, WinRAR flaws, and activities related to LockBit. It also includes over 15 additional stories on emerging threats.

A critical remote code execution vulnerability has been discovered in multiple BeyondTrust products. The flaw, rated 9.9 out of 10 in severity, allows hackers to run code on affected systems without needing to log in. The issue was reported on February 10, 2026.

Friday, 13 March 2026, 18:03:59

Veeam patches three critical security flaws in backup servers

Wednesday, 11 March 2026, 02:47:16

Dutch intelligence accuses Russia of hacker attacks on WhatsApp and Signal

Thursday, 19 February 2026, 09:18:19

Experts claim ransomware attacks increasingly target firewalls

Wednesday, 18 February 2026, 11:16:48

Dell zero-day flaw unpatched for nearly two years

Thursday, 5 February 2026, 15:05:32

Critical flaws discovered in n8n workflow tool

Wednesday, 4 February 2026, 19:25:39

Russian hackers exploit Microsoft Office vulnerability days after patch

Friday, 19 December 2025, 11:19:21

Cisco email security products targeted in zero-day campaign

Wednesday, 10 December 2025, 15:36:03

React2Shell flaw exploited for PeerBlight malware on Linux

Wednesday, 5 November 2025, 22:25:46

Russian hackers use Linux VMs to hide malware on Windows

Wednesday, 29 October 2025, 11:29:39

Malicious npm packages steal developer credentials on multiple platforms

 

 

 
