React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

Following earlier reports on PeerBlight and subsequent attacks by groups like UNC6600, UNC6586, UNC6588, UNC6603, and financially motivated actors deploying malware such as MINOCAT, SNOWLIGHT, HISONIC, COMPOOD, ANGRYREBEL.LINUX, and XMRig miners, cybersecurity researchers confirm active, large-scale exploitation of React2Shell (CVE-2025-55182).

Attackers continue leveraging this critical RCE flaw (CVSS 10.0, affecting React 19.0–19.2.0) to install backdoors on Linux systems, execute arbitrary commands, and target cloud credentials for theft.

While patches are available (React 19.0.1, 19.1.2, 19.2.1+), the persistent threats underscore the need for administrators to apply mitigations like Cloud Armor WAF, monitor IOCs from prior coverage, and secure React/Next.js applications amid software supply chain risks.

Related articles


Malicious npm packages steal developer credentials on multiple platforms

Reported by AI

Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.

Building on earlier PeerBlight attacks, Google Threat Intelligence reports exploitation of the React2Shell vulnerability (CVE-2025-55182) by China-nexus clusters and financially motivated actors deploying backdoors and cryptocurrency miners on vulnerable React and Next.js systems.


A critical vulnerability in React Server Components, known as React2Shell and tracked as CVE-2025-55182, is being actively exploited to deploy a new Linux backdoor called PeerBlight. This malware turns compromised servers into covert proxy and command-and-control nodes. Attackers use a single crafted HTTP request to execute arbitrary code on vulnerable Next.js and React applications.

Nineteen malicious packages on the npm registry are spreading a worm known as SANDWORM_MODE. These packages steal crypto keys, CI secrets, API tokens, and AI API keys. The theft occurs through MCP injection.


The GNU C Library has addressed a long-standing security vulnerability that dates back to 1996. This fix, identified as CVE-2026-0915, patches a flaw present in the library since its early versions. The update aims to enhance security for systems relying on this fundamental component of Linux distributions.

Security researchers at Check Point have uncovered VoidLink, a sophisticated new Linux malware framework designed to target cloud infrastructures. Written in Zig and linked to Chinese developers, it features over 30 plugins for stealthy reconnaissance, credential theft, and lateral movement. No real-world infections have been observed yet, but its capabilities signal a growing threat to enterprise cloud environments.


Building on the 2025 Kernel Maintainers Summit approval, the Linux kernel finalized permanent Rust integration in late 2025, highlighting early successes like the first Rust CVE detection alongside major performance and security updates in kernel 6.19 and 6.18.

Wednesday, 18 February 2026, 11:16:48

Dell zero-day flaw unpatched for nearly two years

Wednesday, 11 February 2026, 00:43:36

Researchers discover SSHStalker botnet infecting Linux servers

Tuesday, 10 February 2026, 19:39:23

New Linux botnet SSHStalker uses IRC for command-and-control

Wednesday, 4 February 2026, 19:25:39

Russian hackers exploit Microsoft Office vulnerability days after patch

Friday, 30 January 2026, 21:23:53

Researchers uncover ShadowHS Linux exploitation framework

Sunday, 21 December 2025, 12:02:47

Chinese hackers install backdoors via Cisco email zero-day

Saturday, 20 December 2025, 09:12:44

Researchers investigate executable stack issues in Linux systems

Saturday, 13 December 2025, 02:22:17

Rust-based Luca stealer targets Linux and Windows systems

Wednesday, 10 December 2025, 07:11:22

North Korean hackers exploit maximum severity React2Shell flaw

Friday, 7 November 2025, 02:51:12

Amazon discloses Linux WorkSpaces vulnerability in authentication tokens
