React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

Threat actors are exploiting React2Shell, a critical vulnerability in React Server Components, to deliver malware payloads, including cryptocurrency miners and Linux backdoors. Organized campaigns target various sectors globally, with automated tools supporting extensive exploitation efforts.

Key points

  • Threat actors are actively exploiting CVE-2025-55182 in React Server Components for remote code execution.
  • Malware families like PeerBlight, CowTunnel, and ZinFoq are being used in these attacks to establish persistence and control.
  • The campaigns target organizations across multiple sectors, notably construction and entertainment industries.
  • Attackers leverage automation tools, exploit vulnerabilities on different operating systems, and use sophisticated C2 communication methods.
  • Over 165,000 IPs and domains have been identified with vulnerable code, with the United States being most affected.

Read More: https://thehackernews.com/2025/12/react2shell-exploitation-delivers.html