Critical React2Shell flaw exploited in ransomware attacks

Published on December 17, 2025

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. [...]

Continue reading on website
Other news

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

December 17, 2025
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine.The activity, observed by Recorded Future's Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in May 2024 that

Sonicwall warns of new SMA1000 zero-day exploited in attacks

December 17, 2025
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. [...]