RondoDox botnet exploits React2Shell flaw to breach Next.js servers

Published on December 31, 2025

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. [...]

Continue reading on website
Other news

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

December 31, 2025
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw."IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain

Hackers drain $3.9M from Unleash Protocol after multisig hijack

December 31, 2025
The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. [...]