North Korean hackers exploit maximum severity React2Shell flaw

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

December 13, 2025 由 AI 报道

Building on earlier PeerBlight attacks, Google Threat Intelligence reports exploitation of the React2Shell vulnerability (CVE-2025-55182) by China-nexus clusters and financially motivated actors deploying backdoors and cryptocurrency miners on vulnerable React and Next.js systems.

South Korea's defense ministry strongly condemned North Korea's short-range ballistic missile launch on November 8, urging Pyongyang to immediately halt actions heightening tensions on the peninsula. The launch occurred a day after North Korea warned of measures against recent U.S. sanctions. U.S. Forces Korea acknowledged the incident and emphasized readiness to defend allies.

January 13, 2026 由 AI 报道

基于Chainalysis报告记录的朝鲜黑客在2025年窃取20.2亿美元加密货币，美国国务院官员在联合国会议上表示，平壤去年很可能窃取了超过20亿美元，以支持其核与导弹计划。该数字与多边制裁监测小组发现的2025年1月至9月窃取超过16亿美元的结论一致。

North Korea's hacking group Lazarus is suspected of being behind a recent breach of around 45 billion won ($30.6 million) in cryptocurrency from South Korea's largest exchange Upbit. Authorities plan an on-site investigation, while Upbit operator Dunamu will cover the full loss with its own assets. The incident resembles a 2019 hack at Upbit attributed to the same group.

October 27, 2025 由 AI 报道

The Qilin ransomware group, also known as Agenda, has developed a hybrid attack using Linux payloads on Windows hosts to evade detection. By abusing legitimate remote management tools and exploiting vulnerable drivers, attackers disable defenses and target backups. This cross-platform tactic highlights evolving ransomware sophistication.