ALL POSTS

Key Findings The RondoDox botnet is exploiting the critical React2Shell vulnerability (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. The RondoDox botnet has been active since 2024 and has evolved through three phases: reconnaissance and vulnerability testing, automated web application exploitation, and large-scale IoT botnet deployment. The botnet now runs hourly IoT exploitation waves targeting routers from vendors like Linksys and Wavli

Key Findings Critical security flaw discovered in React Server Components (RSC) with a CVSS score of 10.0 (maximum severity) Vulnerability allows unauthenticated remote code execution (RCE) by exploiting a deserialization issue in how React decodes payloads sent to React Server Function endpoints Issue affects React versions 19.0, 19.1.0, 19.1.1, and 19.2.0, as well as Next.js versions >=14.3.0-canary.77, >=15, and >=16 Vulnerability codenamed "React2shell" and assigned CVE-2