The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has added **CVE-2025-68613** to its **Known Exploited Vulnerabilities (KEV) catalog**, mandating federal agencies to patch n8n instances by **March 25, 2026**, due to **active exploitation** of this critical remote code execution (RCE) flaw. The vulnerability, which allows **authenticated attackers** to execute arbitrary code with n8n process privileges, now poses an elevated risk as **over 40,000 unpatched instances** remain exposed globally, with **18,000+ in North America and 14,000+ in Europe**, per Shadowserver data. CISA’s directive underscores the **urgent need for patching**, advising organizations to **upgrade to n8n v1.122.0+**, restrict workflow permissions, and harden deployment environments if immediate updates are not feasible. This development follows a series of **critical n8n vulnerabilities** disclosed since late 2025, including **CVE-2026-21877 (CVSS 10.0)**, **CVE-2026-21858 (unauthenticated RCE)**, and **four March 2026 flaws (CVE-2026-27577, CVE-2026-27493, CVE-2026-27495, CVE-2026-27497)** enabling **sandbox escapes, credential theft, and unauthenticated expression injection**. Affected versions span **<1.123.22, >=2.0.0 <2.9.3, and >=2.10.0 <2.10.1**, with patches available in **1.123.22, 2.9.3, and 2.10.1**. The platform’s widespread use in **AI orchestration and enterprise automation**—coupled with its storage of **API keys, database credentials, and cloud secrets**—makes it a prime target for attackers seeking **full server compromise** or **lateral movement into connected systems**.

The Iranian hacktivist group Handala (a.k.a. Handala Hack Team) has claimed responsibility for a data-wiping attack against Stryker, a global medical technology company. The attack reportedly affected over 200,000 systems, servers, and mobile devices across Stryker’s offices in 79 countries. Handala claims to have stolen 50 terabytes of data before wiping tens of thousands of systems and servers. The group cited retaliation for a U.S. missile strike that killed 175 people, including children, as the motive. Stryker’s operations, particularly in Ireland, have been severely disrupted, with over 5,000 workers sent home. The attack utilized Microsoft Intune to issue remote wipe commands, causing significant operational downtime. Stryker’s website indicates the company has 56,000 employees in 61 countries. The attack has led to defaced login pages and widespread system shutdowns, with employees communicating via WhatsApp for updates.

An ongoing npm credential harvesting campaign dubbed PhantomRaven has been active since August 2025. The malware steals npm tokens, GitHub credentials, and CI/CD secrets from developers worldwide. New attack waves occurred between November 2025 and February 2026, distributing 88 packages via 50 disposable accounts. At least 126 npm packages have been infected, resulting in over 86,000 downloads. The attack uses Remote Dynamic Dependencies (RDD) to hide malicious code in externally hosted packages, evading npm security scans. The campaign exploits AI hallucinations to create plausible-sounding package names, a technique known as slopsquatting. As of October 30, 2025, the attacker-controlled URL can serve any kind of malware, initially serving harmless code before pushing a malicious version. The malware scans the developer environment for email addresses and gathers information about the CI/CD environment. The npm ecosystem allows easy publishing and low friction for packages, with lifecycle scripts executing arbitrary code at install time. As of October 29, 2025, at least 80 of the infected packages remain active. Researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package to target GitHub-owned repositories. The package incorporated a post-install hook to download and run malware in versions 4.0.12 to 4.0.17, and has been downloaded 47,405 times. The malware specifically targets repositories owned by the GitHub organization, indicating a targeted attack against GitHub.

France's National Cybersecurity Agency (ANSSI) reported a decline in ransomware attacks in 2025, attributing the drop to successful preventive interventions and law enforcement operations. Despite the decrease, ransomware remains a significant threat, particularly targeting SMBs, healthcare, and education sectors. The most prevalent ransomware strains observed were Qilin, Akira, and LockBit 3.0/LockBit Black. ANSSI also noted a rise in data exfiltration incidents and a drop in DDoS attacks. The agency highlighted the increasing overlap between nation-state groups and cybercriminals, complicating attribution efforts. Vincent Strubel, ANSSI’s director general, warned of potential hybrid attacks on critical infrastructure by 2030.

AI-driven browsers are vulnerable to a new prompt injection technique called PromptFix, which tricks them into executing malicious actions. The exploit embeds harmful instructions within fake CAPTCHA checks on web pages, leading AI browsers to interact with phishing sites or fraudulent storefronts without user intervention. This vulnerability affects AI browsers like Perplexity's Comet, which can be manipulated into performing actions such as purchasing items on fake websites or entering credentials on phishing pages. Researchers have demonstrated that AI browsers can be tricked into phishing scams in under four minutes by exploiting agentic blabbering. The attack leverages the AI browser's tendency to reason its actions and use it against the model to lower security guardrails. By intercepting traffic between the browser and AI services and feeding it to a Generative Adversarial Network (GAN), researchers made Perplexity's Comet AI browser fall victim to a phishing scam. The technique builds on prior methods like VibeScamming and Scamlexity, which exploit hidden prompt injections to carry out malicious actions. The attack involves building a 'scamming machine' that iteratively optimizes and regenerates a phishing page until the AI browser stops complaining and proceeds with the threat actor's actions. Once a fraudster iterates on a web page until it works against a specific AI browser, it works on all users relying on the same agent. The disclosure comes as Trail of Bits demonstrated four prompt injection techniques against the Comet browser to extract users' private information. Zenity Labs detailed two zero-click attacks affecting Perplexity's Comet, using indirect prompt injection to exfiltrate local files or hijack a user's 1Password account. Prompt injection attacks remain a fundamental security challenge for large language models (LLMs) and their integration into organizational workflows. OpenAI noted that prompt injection vulnerabilities in agentic browsers are unlikely to be fully resolved, but risks can be reduced through automated attack discovery and adversarial training.

Infosecurity Europe 2026 has announced its keynote lineup, featuring industry leaders and experts in cybersecurity. The event will include keynotes from Shlomo Kramer, Cynthia Kaiser, Maggie Alphonsi, and Jason Fox, covering topics such as technology trends, ransomware tactics, leadership, and cyber resilience. Additionally, technical sessions will delve into AI-driven cloud threats and post-quantum security. The conference is scheduled for June 2-4, 2026, with free registration available until May 5.

Nine cross-tenant vulnerabilities, collectively named LeakyLooker, were discovered in Google Looker Studio. These flaws could allow attackers to execute arbitrary SQL queries on victims' databases and exfiltrate sensitive data within Google Cloud environments. The vulnerabilities affected connectors to multiple cloud services, including BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets, and Cloud Storage. Two distinct attack paths were identified: 0-click attacks targeting owner credentials and 1-click attacks targeting viewer credentials. The vulnerabilities were disclosed responsibly and have been addressed by Google. No evidence of exploitation in the wild has been found.

A widespread cybercriminal campaign has compromised over 250 legitimate WordPress websites across 12 countries to deliver infostealer malware. The attackers exploit user trust in these sites to infect visitors with malware such as Vidar Stealer, Impure Stealer, Vodka Stealer, and Double Donut. The campaign, active since December 2025, uses fake Cloudflare Captcha pages and ClickFix social engineering techniques to trick users into running malicious code, ultimately stealing sensitive data including login credentials and financial information.

A Russian-speaking threat actor has been targeting HR departments with a sophisticated malware campaign that delivers a new EDR killer named BlackSanta. The campaign employs social engineering and advanced evasion techniques to steal sensitive information from compromised systems. The malware is suspected to be distributed via spear-phishing emails containing ISO image files disguised as resumes, hosted on cloud storage services like Dropbox. The attack chain involves steganography, DLL sideloading, and process hollowing to execute malicious payloads while evading detection. BlackSanta specifically targets and disables endpoint security solutions, including antivirus, EDR, SIEM, and forensic tools, by terminating their processes at the kernel level. The campaign has been active for over a year, utilizing Bring Your Own Driver (BYOD) components to gain elevated privileges and suppress security tools. The malware performs checks on system language, hostnames, and running processes before carrying out further actions. The campaign's ability to exfiltrate sensitive information while maintaining encrypted communications underscores both its persistence and the risk posed to targeted organizations.

Researchers at Unit 42, Palo Alto Networks’ research lab, discovered that security guardrails in generative AI tools can be bypassed through prompt injection attacks. These guardrails, implemented as 'AI Judges' to enforce safety policies and evaluate output quality, can be manipulated into authorizing policy violations using stealthy input sequences. The attack method, demonstrated in a report published on March 10, 2026, involves an automated fuzzer called AdvJudge-Zero, which identifies trigger sequences that exploit the LLM’s decision-making logic to bypass security controls. The technique achieves a 99% success rate in bypassing controls across various widely used architectures, including open-weight enterprise LLMs and specialized reward models.

Meta has introduced new tools to protect users of Messenger and WhatsApp from scams. The tools include warnings for screen sharing during video calls on WhatsApp, a scam detection feature on Messenger, and a new security feature to help users spot potential scams when being added to a group chat by unknown contacts. Meta also reported actions taken against fraudulent accounts and scam centers. Meta's efforts are part of ongoing measures to combat scams, including romance baiting schemes operated by cybercrime syndicates in Southeast Asia. These scams often involve psychological manipulation and financial fraud. In 2025, Meta removed over 159 million scam ads and took down over 10.9 million accounts on Facebook and Instagram linked to criminal scam operations. Meta also participated in a global law enforcement operation that led to the arrest of 21 suspects and the shutdown of more than 150,000 accounts linked to scam networks in Southeast Asia.

Meta has disabled over 150,000 accounts linked to scam centers in Southeast Asia, in collaboration with authorities from multiple countries. This action follows a pilot initiative in December 2025 and includes new tools to detect and prevent scams. The U.K. government has also launched an Online Crime Centre to combat cybercrime, including scam operations across various regions. The coordinated effort resulted in 21 arrests by the Royal Thai Police. Meta highlighted the sophistication and industrialization of online scams, which often operate as full-scale business operations in countries like Cambodia, Myanmar, and Laos. The company introduced new tools to warn users about suspicious activities on Facebook, WhatsApp, and Messenger. In 2025, Meta removed 159 million scam ads and 10.9 million accounts associated with criminal scam centers. The U.K.'s new Online Crime Centre aims to disrupt scam operations using AI and specialized teams.

Multiple vendors, including SAP, Microsoft, Adobe, and Hewlett Packard Enterprise (HPE), have released security updates to address critical vulnerabilities that could lead to arbitrary code execution, privilege escalation, and authentication bypass. These flaws affect a wide range of enterprise software and network devices, posing significant risks to organizations. SAP patched two critical vulnerabilities: CVE-2019-17571 (CVSS 9.8) in SAP Quotation Management Insurance and CVE-2026-27685 (CVSS 9.1) in SAP NetWeaver Enterprise Portal Administration. Microsoft released patches for 84 vulnerabilities, including remote code execution flaws. Adobe addressed 80 vulnerabilities, with four critical flaws in Adobe Commerce and Magento Open Source. HPE fixed five vulnerabilities in Aruba Networking AOS-CX, including a severe authentication bypass flaw (CVE-2026-23813, CVSS 9.8). The patches highlight the ongoing need for vigilance in addressing vulnerabilities across enterprise software and network devices.

AI-driven automation is significantly reducing the cost and increasing the speed of cyber exploitation. Threat actors now use AI to accelerate reconnaissance, vulnerability discovery, exploit development, and operational tempo. This shift makes large vulnerability backlogs more dangerous, as attackers can exploit them faster. Boards and CISOs must address this by focusing on operational truth and reducing vulnerability exposure at the source. Regulatory pressures, such as the EU's Cyber Resilience Act (CRA) and Digital Operational Resilience Act (DORA), are increasing expectations for vulnerability handling and secure-by-design practices. Organizations must invest in reducing vulnerability backlogs to prevent operational disruption and legal liabilities.

UK organizations faced a significant year-on-year increase in cyber-attacks, nearly four times the global growth rate, despite having lower weekly attack volumes than the global average. The education, energy, utilities, government, healthcare, and financial services sectors were among the most targeted. Ransomware remains a critical threat, with 49 active groups identified, including Qilin, Clop, and The Gentlemen. Additionally, the widespread use of generative AI (GenAI) tools in corporate environments is exacerbating data exposure risks, with one in every 31 prompts posing a high risk of data leaks.

Microsoft's March 2026 Patch Tuesday addresses 84 vulnerabilities, including 2 publicly disclosed zero-day flaws. The updates fix critical vulnerabilities, including remote code execution flaws and information disclosure flaws. The patches cover a range of vulnerabilities, including elevation of privilege, security feature bypass, remote code execution, information disclosure, denial of service, and spoofing. Notably, CVE-2026-21262 allows attackers to elevate privileges to sysadmin over a network on SQL Server 2016 and later editions. Additionally, Microsoft fixed two remote code execution bugs in Microsoft Office that can be exploited via the preview pane. A notable flaw in Microsoft Excel could allow data exfiltration via Microsoft Copilot. The updates also include patches for nine browser vulnerabilities and an out-of-band update for Windows Server 2022 to address a certificate renewal issue with Windows Hello for Business. Microsoft is changing the default behavior of Windows Autopatch to enable hotpatch security updates starting with the May 2026 Windows security update.

The **UNC6426** threat actor has weaponized credentials stolen during the August 2025 **nx npm supply-chain attack** to execute a rapid cloud breach, escalating from a compromised GitHub token to **full AWS administrator access in under 72 hours**. By abusing GitHub-to-AWS OpenID Connect (OIDC) trust, the attacker deployed a new IAM role with `AdministratorAccess`, exfiltrated S3 bucket data, terminated production EC2/RDS instances, and **publicly exposed the victim’s private repositories** under the `/s1ngularity-repository-[randomcharacters]` naming scheme. This follows the broader *Shai-Hulud* and *SANDWORM_MODE* campaigns, which collectively compromised **over 400,000 secrets** via trojanized npm packages, GitHub Actions abuse, and AI-assisted credential harvesting (e.g., QUIETVAULT malware leveraging LLM tools). The attack chain began with the **Pwn Request** exploitation of a vulnerable `pull_request_target` workflow in nx, leading to trojanized package publication and theft of GitHub Personal Access Tokens (PATs). UNC6426 later used tools like **Nord Stream** to extract CI/CD secrets, highlighting the risks of **overprivileged OIDC roles** and **standing cloud permissions**. Researchers warn of escalating supply chain risks, including **self-propagating worms** (Shai-Hulud), **PackageGate vulnerabilities** bypassing npm defenses, and **AI-assisted prompt injection** targeting developer workflows. Mitigations include disabling postinstall scripts, enforcing least-privilege access, and rotating all credentials tied to npm, GitHub, and cloud providers.

Five malicious Rust crates were discovered masquerading as time-related utilities to exfiltrate .env files containing sensitive developer secrets. Additionally, an AI-powered bot named hackerbot-claw targeted CI/CD pipelines in major open-source repositories to harvest developer secrets. The Rust crates were published between late February and early March 2026, while the AI bot campaign occurred between February 21 and February 28, 2026. The impact includes potential compromise of downstream users and deeper access to environments, including cloud services and GitHub tokens.

A new Android malware named BeatBanker impersonates a Starlink app to hijack devices. It combines banking trojan functions with Monero mining, stealing credentials and tampering with cryptocurrency transactions. The malware is distributed via fake Google Play Store websites and uses sophisticated evasion techniques, including persistence via an inaudible MP3 file and dynamic mining operations. Kaspersky researchers discovered the malware targeting users in Brazil, with potential for expansion to other regions.

A new technique called 'Zombie ZIP' allows malware to evade detection by security tools by manipulating ZIP file headers. The method tricks security solutions into scanning compressed data as uncompressed, hiding the payload. The technique works against 50 out of 51 antivirus engines on VirusTotal. A proof-of-concept (PoC) has been published, and CERT/CC has issued a bulletin warning about the risks. The issue is similar to a vulnerability disclosed in 2004. The technique involves setting the ZIP Method field to STORED (Method=0), causing security tools to scan the data as raw uncompressed bytes. However, the data is actually DEFLATE compressed, making the scanner see compressed noise and miss malware signatures. A custom loader can ignore the header and decompress the data correctly. CERT/CC recommends that security tool vendors validate compression method fields, detect inconsistencies in archive structure, and implement more aggressive archive inspection modes. Users are advised to be cautious with archive files, especially from unknown sources.

Microsoft has released the Windows 10 KB5078885 extended security update to address vulnerabilities disclosed during the March 2026 Patch Tuesday. The update fixes two actively exploited zero-days and resolves an issue preventing some devices from shutting down. The update is available for Windows 10 Enterprise LTSC and devices enrolled in the Extended Security Updates (ESU) program. The update addresses 79 vulnerabilities, including security fixes and bug fixes introduced by previous updates. It also includes improvements to File History, Graphics, Secure Boot, and Fonts. Microsoft is rolling out new Secure Boot certificates to replace older 2011 certificates that expire in June 2026.

Jazz, a data loss prevention (DLP) startup, emerged from stealth mode with $61 million in combined seed and Series A funding. The company, founded by Israeli intelligence veterans, uses AI to understand data usage, intent, context, and risk, reducing DLP noise in large enterprises. Jazz aims to scale globally and expand its teams with the new investment.

Microsoft has integrated Sysmon (System Monitor) natively into Windows 11 and Windows Server 2025, eliminating the need for standalone deployment. This integration simplifies management and enhances threat hunting and diagnostics capabilities. The native support allows users to install Sysmon via Windows Update and manage it through the Optional Features settings. Microsoft also plans to release comprehensive documentation and introduce enterprise management features and AI-powered threat detection capabilities next year. Sysmon is a powerful tool for monitoring and logging events such as process creation, network connections, and file creation, which are crucial for detecting malicious activities. Users can enable Sysmon via the Command Prompt using the command 'sysmon -i' for basic monitoring, or use a custom configuration file for advanced monitoring. Additionally, Sysmon is now available as a built-in feature in Windows 11 and can be enabled through Settings or via command line. It is off by default and must be enabled before use. Users should uninstall any previously installed Sysmon from Sysinternals before enabling the built-in version.

Hewlett Packard Enterprise (HPE) has patched a maximum-severity remote code execution (RCE) vulnerability (CVE-2025-37164) in its OneView software, which has a CVSS score of 10.0. The flaw affects all versions before v11.00 and can be exploited by unauthenticated attackers in low-complexity attacks. The vulnerability was reported by Vietnamese security researcher Nguyen Quoc Khanh (brocked200). HPE advises immediate patching as there are no workarounds or mitigations available. HPE has not confirmed whether the vulnerability has been exploited in attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged the flaw as actively exploited in attacks and has given Federal Civilian Executive Branch (FCEB) agencies three weeks to secure their systems by January 28th. CISA encourages all organizations, including private sector, to patch their devices against this actively exploited flaw as soon as possible. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a centralized dashboard interface. The hotfix must be reapplied after upgrading from version 6.60 or later to version 7.00.00, or after any HPE Synergy Composer reimaging operations. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2. Additionally, HPE has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including a critical authentication bypass vulnerability (CVE-2026-23813) that allows unauthenticated attackers to reset admin passwords. HPE has not found publicly available exploit code or evidence of exploitation in the wild.

OpenAI has acquired Promptfoo, a security testing firm specializing in agentic AI, to enhance the security framework of its enterprise-focused AI ecosystem. The acquisition aims to address the need for systematic testing of AI agent behavior, detecting risks before deployment, and maintaining oversight and accountability. Promptfoo's open-source tools will be integrated into OpenAI Frontier, providing automated security testing and red-teaming capabilities to identify and remediate risks such as prompt injections, jailbreaks, and data leaks. Jamieson O’Reilly, security advisor at OpenClaw, highlighted the importance of developing tools to scan AI for human-language malware, emphasizing the need for advanced security measures in AI development.

A Russian-speaking, financially motivated hacker used generative AI services to breach over 600 FortiGate firewalls across 55 countries in five weeks. The campaign, which occurred between January 11 and February 18, 2026, targeted exposed management interfaces and weak credentials lacking MFA protection. The attacker used AI to automate access to other devices on breached networks, extracting sensitive configuration data and conducting reconnaissance. The attacker successfully compromised multiple organizations' Active Directory environments, extracted complete credential databases, and targeted backup infrastructure, likely in a lead-up to ransomware deployment. The threat actor used the CyberStrikeAI AI-powered security testing platform, which integrates over 100 security tools and allows for end-to-end automation of attacks. The developer of CyberStrikeAI, known as "Ed1s0nZ," has links to Chinese government-affiliated cyber operations and has worked on additional AI-assisted security tools. Team Cymru detected 21 unique IP addresses running CyberStrikeAI between January 20 and February 26, 2026, primarily hosted in China, Singapore, and Hong Kong. Additional servers related to CyberStrikeAI have been detected in the U.S., Japan, and Switzerland. The developer has interacted with organizations supporting potentially Chinese government state-sponsored cyber operations, including Knownsec 404, a Chinese security vendor with ties to the Chinese Ministry of State Security (MSS). Ed1s0nZ has removed references to a CNNVD Level 2 Contribution Award from their GitHub profile. The campaign targeted healthcare, government, and managed service providers. The attackers exploited vulnerabilities CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858. The attackers created a new local administrator account named "support" and set up four new firewall policies allowing unrestricted access. The attackers periodically checked device accessibility, consistent with initial access broker (IAB) behavior. The attackers extracted configuration files containing encrypted service account LDAP credentials. The attackers authenticated to the AD using clear text credentials from the fortidcagent service account. The attackers enrolled rogue workstations in the AD, allowing deeper access. The attackers deployed remote access tools like Pulseway and MeshAgent. The attackers downloaded malware from a cloud storage bucket via PowerShell from AWS infrastructure. The Java malware was used to exfiltrate the contents of the NTDS.dit file and SYSTEM registry hive to an external server (172.67.196[.]232) over port 443.

A new botnet named KadNap targets ASUS routers and other edge networking devices, turning them into proxies for malicious traffic. Since August 2025, it has grown to 14,000 devices, using a peer-to-peer network and a custom Kademlia Distributed Hash Table (DHT) protocol to evade detection. The botnet is linked to the Doppelganger proxy service, which sells access to infected devices for cybercrime activities. Most infected devices are located in the United States (60%), followed by Taiwan, Hong Kong, and Russia. The infection begins with a malicious script that downloads an ELF binary, establishing persistence via a cron job. The botnet uses NTP servers for time synchronization and a modified Kademlia protocol for communication, making it difficult to identify and disrupt the command-and-control (C2) infrastructure. Lumen Technologies has taken proactive measures to block network traffic to and from the control infrastructure, but the disruption is limited to their network. Indicators of compromise will be released to help others disrupt the botnet. KadNap malware uses a shell script (aic.sh) downloaded from the C2 server (212.104.141[.]140) to initiate the process of conscripting the victim to the P2P network. The malware creates a cron job to retrieve the shell script from the server at the 55-minute mark of every hour, rename it to .asusrouter, and run it. Once persistence is established, the script pulls a malicious ELF file, renames it to kad, and executes it. The files fwr.sh and /tmp/.sose contain functionality to close port 22, the standard TCP port for Secure Shell (SSH), on the infected device and extract a list of C2 IP address:port combinations to connect to.

Only 24% of organizations test their identity disaster recovery plans every six months, despite rising investment in identity threat detection and response (ITDR). The research highlights a gap in recovery preparedness, with many organizations focusing on preventative controls while neglecting response and recovery readiness. This lack of testing can lead to severe business impacts during identity-related incidents.

A critical security vulnerability (CVE-2025-55182, CVSS 10.0) in React Server Components (RSC) allows unauthenticated remote code execution due to unsafe deserialization of payloads. The flaw affects multiple versions of React and Next.js, potentially impacting any application using RSC. The issue has been patched, but 39% of cloud environments remain vulnerable. Cloudflare experienced a widespread outage due to an emergency patch for this vulnerability, and multiple China-linked hacking groups have begun exploiting it. NHS England National CSOC has warned of the likelihood of continued exploitation in the wild. Major companies such as Google Cloud, AWS, and Cloudflare immediately responded to the vulnerability. The security researcher Lachlan Davidson disclosed the vulnerability on November 29, 2025, to the Meta team. The flaw has been dubbed React2Shell, a nod to the Log4Shell vulnerability discovered in 2021. The US National Vulnerability Database (NVD) rejected CVE-2025-66478 as a duplicate of CVE-2025-55182. Exploitation success rate is reported to be nearly 100% in default configurations. React servers that use React Server Function endpoints are known to be vulnerable. The Next.js web application is also vulnerable in its default configuration. At the time of writing, it is unknown if active exploitation has occurred, but there have been some reports of observed exploitation activity as of December 5, 2026. OX Security warned that the flaw is now actively exploitable on December 5, around 10am GMT. Hacker maple3142 published a working PoC, and OX Security successfully verified it. JFrog identified fake proof-of-concepts (PoC) on GitHub, warning security teams to verify sources before testing. Cloudflare started investigating issues on December 5 at 08:56 UTC, and a fix was rolled out within half an hour, but by that time outages had been reported by several major internet services, including Zoom, LinkedIn, Coinbase, DoorDash, and Canva. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on December 6, 2025, following confirmed active exploitation. The vulnerability is tracked as React2Shell and is related to a remote code execution flaw in React Server Components (RSC). The flaw is due to insecure deserialization in the Flight protocol used by React to communicate between a server and client. The vulnerability affects versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. Patched versions of React are 19.0.1, 19.1.2, and 19.2.1. Downstream frameworks impacted include Next.js, React Router, Waku, Parcel, Vite, and RedwoodSDK. Amazon reported attack attempts from Chinese hacking groups like Earth Lamia and Jackpot Panda within hours of public disclosure. Coalition, Fastly, GreyNoise, VulnCheck, and Wiz reported seeing exploitation efforts targeting the flaw. Some attacks involved the deployment of cryptocurrency miners and the execution of "cheap math" PowerShell commands. Censys identified about 2.15 million instances of internet-facing services potentially affected by the vulnerability. Palo Alto Networks Unit 42 confirmed over 30 affected organizations across numerous sectors, with activity consistent with Chinese hacking group UNC5174. Security researcher Lachlan Davidson released multiple proof-of-concept (PoC) exploits for the vulnerability. Another working PoC was published by a Taiwanese researcher with the GitHub handle maple3142. Federal Civilian Executive Branch (FCEB) agencies have until December 26, 2025, to apply the necessary updates to secure their networks. Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182). Researchers have confirmed that attackers have already compromised over 30 organizations across multiple sectors using the React2Shell flaw. Shadowserver detected 77,664 IP addresses vulnerable to the React2Shell flaw, with approximately 23,700 in the United States. GreyNoise recorded 181 distinct IP addresses attempting to exploit the flaw over the past 24 hours, with most of the traffic appearing automated. Attackers frequently begin with PowerShell commands that perform a basic math function to confirm the device is vulnerable to the remote code execution flaw. Once remote code execution was confirmed, attackers were seen executing base64-encoded PowerShell commands that download additional scripts directly into memory. One observed command executes a second-stage PowerShell script from the external site (23[.]235[.]188[.]3), which is used to disable AMSI to bypass endpoint security and deploy additional payloads. The PowerShell script observed by GreyNoise installs a Cobalt Strike beacon on the targeted device, giving threat actors a foothold on the network. Amazon AWS threat intelligence teams saw rapid exploitation hours after the disclosure of the React CVE-2025-55182 flaw, with infrastructure associated with China-linked APT hacking groups known as Earth Lamia and Jackpot Panda. Palo Alto Networks observed similar exploitation, attributing some of it to UNC5174, a Chinese state-sponsored threat actor believed to be tied to the Chinese Ministry of State Security. The deployed malware in these attacks includes Snowlight and Vshell, both commonly used by Chinese hacking groups for remote access, post-exploitation activity, and to move laterally through a compromised network. Earth Lamia is known for exploiting web application vulnerabilities to target organizations across Latin America, the Middle East, and Southeast Asia. Earth Lamia has historically targeted sectors across financial services, logistics, retail, IT companies, universities, and government organizations. Jackpot Panda primarily targets entities in East and Southeast Asia. The Shadowserver Foundation has identified over 77,000 vulnerable IPs following a scan of exposed HTTP services across a wide variety of exposed edge devices and other applications. Censys observed just over 2.15 million instances of internet-facing services that may be affected by this vulnerability, including exposed web services using React Server Components and exposed instances of frameworks such as Next.js, Waku, React Router, and RedwoodSDK. The bug is a pre-authentication remote code execution (RCE) vulnerability which exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. React issued a security advisory with the relevant patches and updates on December 3. Any internet-accessible server running the affected React Server Components code should be assumed vulnerable until updated as a precaution. AWS observed that many threat actors are attempting to use public PoCs that don’t work in real-world scenarios. AWS noted that the use of these PoCs shows that threat actors prioritize rapid operationalization over thorough testing, attempting to exploit targets with any available tool. Using multiple PoCs to scan for vulnerable environments also gives threat actors a higher chance of identifying vulnerable configurations, even if the PoCs are non-functional. The availability of the PoCs also allows less sophisticated actors to participate in exploitation campaigns. Finally, AWS noted that even failed exploitation attempts create significant noise in logs, potentially masking more sophisticated attacks. The invalid PoCs can give developers a false sense of security when testing for React2Shell. The Shadowserver Foundation detected 28,964 IP addresses vulnerable to the React2Shell flaw as of December 7, 2025, down from 77,664 on December 5, with approximately 10,100 located in the U.S., 3,200 in Germany, and 1,690 in China. Huntress observed attackers targeting numerous organizations via CVE-2025-55182, with a focus on the construction and entertainment industries. The first recorded exploitation attempt on a Windows endpoint by Huntress dates back to December 4, 2025, when an unknown threat actor exploited a vulnerable instance of Next.js to drop a shell script, followed by commands to drop a cryptocurrency miner and a Linux backdoor. Attackers were observed launching discovery commands and attempting to download several payloads from a command-and-control (C2) server. Huntress identified a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based post-exploitation implant referred to as ZinFoq. PeerBlight shares code overlaps with two malware families RotaJakiro and Pink that came to light in 2021, installs a systemd service to ensure persistence, and masquerades as a "ksoftirqd" daemon process to evade detection. CowTunnel initiates an outbound connection to attacker-controlled Fast Reverse Proxy (FRP) servers, effectively bypassing firewalls that are configured to only monitor inbound connections. ZinFoq implements a post-exploitation framework with interactive shell, file operations, network pivoting, and timestomping capabilities. Huntress assessed that the threat actor is likely leveraging automated exploitation tooling, supported by the attempts to deploy Linux-specific payloads on Windows endpoints, indicating the automation does not differentiate between target operating systems. PeerBlight supports capabilities to establish communications with a hard-coded C2 server ("185.247.224[.]41:8443"), allowing it to upload/download/delete files, spawn a reverse shell, modify file permissions, run arbitrary binaries, and update itself. ZinFoq beacons out to its C2 server and is equipped to parse incoming instructions to run commands using "/bin/bash," enumerate directories, read or delete files, download more payloads from a specified URL, exfiltrate files and system information, start/stop SOCKS5 proxy, enable/disable TCP port forwarding, alter file access and modification times, and establish a reverse pseudo terminal (PTY) shell connection. ZinFoq takes steps to clear bash history and disguises itself as one of 44 legitimate Linux system services to conceal its presence. CISA has urged federal agencies to patch the React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The vulnerability has been exploited by multiple threat actors in various campaigns to engage in reconnaissance efforts and deliver a wide range of malware families. Wiz observed a "rapid wave of opportunistic exploitation" of the flaw, with a vast majority of the attacks targeting internet-facing Next.js applications and other containerized workloads running in Kubernetes and managed cloud services. Cloudflare reported that threat actors have conducted searches using internet-wide scanning and asset discovery platforms to find exposed systems running React and Next.js applications. Some of the reconnaissance efforts have excluded Chinese IP address spaces from their searches. The observed activity targeted government (.gov) websites, academic research institutions, and critical-infrastructure operators. Early scanning and exploitation attempts originated from IP addresses previously associated with Asia-affiliated threat clusters. Kaspersky recorded over 35,000 exploitation attempts on a single day on December 10, 2025, with the attackers first probing the system by running commands like whoami, before dropping cryptocurrency miners or botnet malware families like Mirai/Gafgyt variants and RondoDox. Security researcher Rakesh Krishnan discovered an open directory hosted on "154.61.77[.]105:8082" that includes a proof-of-concept (PoC) exploit script for CVE-2025–55182 along with two other files: "domains.txt," which contains a list of 35,423 domains, and "next_target.txt," which contains a list of 596 URLs, including companies like Dia Browser, Starbucks, Porsche, and Lululemon. The Shadowserver Foundation reported more than 137,200 internet-exposed IP addresses running vulnerable code as of December 11, 2025, with over 88,900 instances located in the U.S., followed by Germany (10,900), France (5,500), and India (3,600). Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the React2Shell vulnerability. The list of state-linked threat groups exploiting the flaw now also includes UNC6600, UNC6586, UNC6588, UNC6603, and UNC6595. GTIG researchers observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads where threat actors shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools. GTIG also spotted Iranian threat actors targeting the flaw and financially motivated attackers deploying XMRig cryptocurrency mining software on unpatched systems. Shadowserver Internet watchdog group is currently tracking over 116,000 IP addresses vulnerable to React2Shell attacks, with over 80,000 in the United States. GreyNoise has observed over 670 IP addresses attempting to exploit the React2Shell remote code execution flaw over the past 24 hours, primarily originating from the United States, India, France, Germany, the Netherlands, Singapore, Russia, Australia, the United Kingdom, and China. Threat actors are exploiting the React2Shell vulnerability to deliver malware families like KSwapDoor and ZnDoor. KSwapDoor is a professionally engineered remote access tool designed with stealth in mind, building an internal mesh network and using military-grade encryption. KSwapDoor impersonates a legitimate Linux kernel swap daemon to evade detection. ZnDoor is a remote access trojan that contacts threat actor-controlled infrastructure to receive and execute commands. ZnDoor supports commands such as shell, interactive_shell, explorer, explorer_cat, explorer_delete, explorer_upload, explorer_download, system, change_timefile, socket_quick_startstreams, start_in_port_forward, and stop_in_port. Google identified five China-nexus groups exploiting React2Shell to deliver various payloads, including MINOCAT, SNOWLIGHT, COMPOOD, HISONIC, and ANGRYREBEL. Microsoft reported that threat actors have used the flaw to run arbitrary commands, set up reverse shells, drop RMM tools, and modify authorized_keys files. Payloads delivered in these attacks include VShell, EtherRAT, SNOWLIGHT, ShadowPad, and XMRig. Threat actors used Cloudflare Tunnel endpoints to evade security defenses and conducted reconnaissance for lateral movement and credential theft. Credential harvesting targeted Azure Instance Metadata Service (IMDS) endpoints for Azure, AWS, GCP, and Tencent Cloud. Threat actors deployed secret discovery tools such as TruffleHog and Gitleaks, along with custom scripts to extract various secrets. Beelzebub detailed a campaign exploiting Next.js flaws to extract credentials and sensitive data, including environment files, SSH keys, cloud credentials, and system files. The malware creates persistence, installs a SOCKS5 proxy, establishes a reverse shell, and installs a React scanner for further propagation. Operation PCPcat has breached an estimated 59,128 servers. The Shadowserver Foundation is tracking over 111,000 IP addresses vulnerable to React2Shell attacks, with over 77,800 instances in the U.S. GreyNoise observed 547 malicious IP addresses from the U.S., India, the U.K., Singapore, and the Netherlands partaking in exploitation efforts over the past 24 hours. The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July 2025, RondoDox is a large-scale botnet that targets multiple n-day flaws in global attacks. In November, VulnCheck spotted new RondoDox variants that featured exploits for CVE-2025-24893, a critical remote code execution (RCE) vulnerability in the XWiki Platform. A new report from cybersecurity company CloudSEK notes that RondoDox started scanning for vulnerable Next.js servers on December 8 and began deploying botnet clients three days later. React2Shell is an unauthenticated remote code execution vulnerability that can be exploited via a single HTTP request and affects all frameworks that implement the React Server Components (RSC) 'Flight' protocol, including Next.js. The flaw has been leveraged by several threat actors to breach multiple organizations. North Korean hackers exploited React2Shell to deploy a new malware family named EtherRAT. As of December 30, the Shadowserver Foundation reports detecting over 94,000 internet-exposed assets vulnerable to React2Shell. CloudSEK says that RondoDox has passed through three distinct operational phases this year: Reconnaissance and vulnerability testing from March to April 2025, Automated web app exploitation from April to June 2025, Large-scale IoT botnet deployment from July to today. Regarding React2Shell, the researchers report that RondoDox has focused its exploitation around the flaw significantly lately, launching over 40 exploit attempts within six days in December. During this operational phase, the botnet conducts hourly IoT exploitation waves targeting Linksys, Wavlink, and other consumer and enterprise routers to enroll new bots. After probing potentially vulnerable servers, CloudSEK says that RoundDox started to deploy payloads that included a coinminer (/nuts/poop), a botnet loader and health checker (/nuts/bolts), and a variant of Mirai (/nuts/x86). The 'bolts' component removes competing botnet malware from the host, enforces persistence via /etc/crontab, and kills non-whitelisted processes every 45 seconds, the researchers say. CloudSEK provides a set of recommendations for companies to protect against this RondoDox activity, among them auditing and patching Next.js Server Actions, isolating IoT devices into dedicated virtual LANs, and monitoring for suspicious processes being executed. Threat actors targeting cloud environments now favor campaigns which gain initial access by exploiting software vulnerabilities over credential-based attacks. Third-party software-based entry accounted for 44.5% of primary entry vectors during the second half of 2025, up from 2.9% in the first half. Abuse of weak or absent credentials as an entry point dropped from 47.1% in the first half of 2025 to 27.2% in the second half. React2Shell (CVE-2025-55182) was one of the most commonly exploited vulnerabilities to target cloud services. Google Cloud noted that within 48 hours of the public disclosure of React2Shell, multiple threat actors had already exploited the vulnerability to infect victims with cryptocurrency mining malware. The window between vulnerability disclosure and mass exploitation collapsed from weeks to just days. Google Cloud recommended using centralized visibility tools to secure data and automated posture enforcement to mitigate risks. Google Cloud advised organizations to pivot from manual patching to automated defenses, such as patching the Web Application Firewall (WAF), to neutralize exploits at the network edge before software updates can be applied.

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, enabling phishing-resistant passwordless authentication via Windows Hello. This feature is opt-in and will be available in public preview from mid-March through late April 2026 for worldwide tenants, with government cloud environments following in mid-April through mid-May. The update extends passwordless sign-in to unmanaged Windows devices, addressing a previous security gap. The passkeys are device-bound and cryptographically secured, preventing theft via phishing or malware. Each Entra account registers its own passkey per device, and multiple accounts can coexist on a single machine. However, passkeys cannot be synced across devices, requiring separate registration for each account. To enroll in the public preview, IT administrators must enable the Passkeys (FIDO2) authentication method in Entra's Authentication Methods policies, create a passkey profile with the required Windows Hello AAGUIDs, and assign it to the appropriate groups.