React2Shell fallout spreads to sensitive targets as public exploits hit all-time high | CyberScoop<\/title> <meta name=\"description\" content=\"Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE ever.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/react2shell-vulnerability-fallout-spreads\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"React2Shell fallout spreads to sensitive targets as public exploits hit all-time high\"> <meta property=\"og:description\" content=\"Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE ever.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/react2shell-vulnerability-fallout-spreads\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-12-17T22:59:59+00:00\"> <meta property=\"article:modified_time\" content=\"2025-12-17T23:00:02+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1764700876g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1763439630g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87193\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87193\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Freact2shell-vulnerability-fallout-spreads%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Freact2shell-vulnerability-fallout-spreads%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87193 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/react2shell-vulnerability-fallout-spreads\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.745901639344\">\n<div class=\"single-article__header-content\" readability=\"32.153354632588\">\n<p> Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE ever. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"274\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high.jpg?resize=640%2C274&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Binary code depicted in waves.\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg 2644w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=300,129 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=768,329 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=1024,439 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=1536,658 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=2048,878 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=600,257 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=1200,514 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-2.jpg?resize=1500,643 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> Binary code depicted in waves. (iStock\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"64.241753063148\"><body readability=\"132.82920878355\"><\/p>\n<p>Fallout from <a href=\"https:\/\/cyberscoop.com\/react2shell-attacks-surge-50-victims\/\">React2Shell<\/a> \u2014 a stubborn vulnerability that impacts wide swaths of the internet\u2019s scaffolding \u2014 continues to spread as public exploits and stealth backdoors proliferate and worrying details emerge about the targets attackers are pursuing. <\/p>\n<p>Threat researchers and incident responders are reacting to swift-moving developments on React2Shell with mounting concern. Cybercriminals, ransomware gangs and nation-state threat groups are all swarming to exploit the maximum-severity vulnerability.<\/p>\n<p>Palo Alto Networks\u2019 Unit 42 puts the latest victim count at more than 60 organizations, which have been impacted by attacks involving exploitation of <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-55182\">CVE-2025-55182<\/a>, which Meta and the React team <a href=\"https:\/\/cyberscoop.com\/react-server-vulnerability-critical-severity-security-update\/\">publicly disclosed<\/a> Dec. 3.<\/p>\n<p>Microsoft said it found \u201cseveral hundred machines across a diverse set of organizations\u201d that were compromised via exploitation resulting in remote-code execution. Post-exploitation activity in those attacks includes reverse shell implants, lateral movement, data theft and steps that allowed attackers to maintain access to targeted networks, Microsoft said in a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/12\/15\/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components\/\">research blog<\/a> Tuesday. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The full scope of attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits \u2014 underscoring the relative ease and myriad ways unauthenticated attackers can trigger the defect to elevate privileges and pivot into other parts of targeted networks. <\/p>\n<p>VulnCheck confirmed about 180 valid public exploits for React2Shell as of Monday with dozens more still under review. \u201cReact2Shell CVE-2025-55182 now has the highest verified public exploit count of any CVE,\u201d Caitlin Condon, vice president of research at VulnCheck, told CyberScoop.<\/p>\n<p>Ongoing clean-up efforts for React2Shell also led to the discovery of <a href=\"https:\/\/react.dev\/blog\/2025\/12\/11\/denial-of-service-and-source-code-exposure-in-react-server-components\">three new defects<\/a> affecting React Server Components last week, including <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-55183\">CVE-2025-55183<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-67779\">CVE-2025-67779<\/a>, which fixes an apparent bypass for <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-55184\">CVE-2025-55184<\/a>, she said. <\/p>\n<p>\u201cThe worst-case scenario on many defenders\u2019 minds presently is that a true patch bypass for CVE-2025-55182 might arise. So far, this hasn\u2019t come to pass,\u201d Condon added. <\/p>\n<p>Researchers continue to urge organizations to apply the patch for CVE-2025-55182, but note that the additional CVEs are not addressed in some early versions of the patch. And, of course, patching won\u2019t evict attackers that already gained access to systems. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Attacks of <a href=\"https:\/\/cyberscoop.com\/attackers-exploit-react-server-vulnerability\/\">different origins and motivations<\/a> continue to spread globally. <\/p>\n<p>Google Threat Intelligence said it has observed financially motivated attackers and at least <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/threat-actors-exploit-react2shell-cve-2025-55182\/\">five Chinese espionage threat groups<\/a> exploiting the defect across multiple regions and industries. GTIG said it also identified attacks attributed to Iran, but it did not provide more information. <\/p>\n<p>Amazon previously said its threat intelligence teams observed active exploitation attempts by Earth Lamia and Jackpot Panda within hours of the vulnerability\u2019s public disclosure.<\/p>\n<p>Cybersecurity firm S-RM said it responded to a ransomware attack Dec. 5 that involved React2Shell exploitation as an initial access vector. Attackers executed Weaxor ransomware within a minute of gaining access to the victim\u2019s network, the company said in a <a href=\"https:\/\/www.s-rminform.com\/latest-thinking\/react2shell-used-as-initial-access-vector-for-weaxor-ransomware-deployment\">blog post<\/a> Tuesday.<\/p>\n<p>Evidence of spiking malicious activity, including exploitation attempts, is showing up across the threat intelligence landscape. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Cloudflare said multiple Asia-based threat groups have been meticulous in targeting networks in Taiwan, the autonomous region of Xinjiang Uygur, Vietnam, Japan and New Zealand, yet other selective targets were observed, including U.S. government websites, academic research institutions and critical infrastructure operators. <\/p>\n<p>\u201cThese infrastructure operators specifically included a national authority responsible for the import and export of uranium, rare metals and nuclear fuel,\u201d Cloudflare\u2019s threat intelligence team wrote in a <a href=\"https:\/\/blog.cloudflare.com\/react2shell-rsc-vulnerabilities-exploitation-threat-brief\/\">blog post<\/a>.<\/p>\n<p>Several U.S.-based state and federal government agencies have been targeted, but there\u2019s no confirmed exploitation, Blake Darch\u00e9, head of threat intelligence at Cloudflare, told CyberScoop. The Cybersecurity and Infrastructure Security Agency declined to comment on attempted attacks against government agencies. <\/p>\n<p>\u201cVictimology has now evolved to be universal, with critical infrastructure targets just a small slice of all organizations and industries under attack,\u201d Darch\u00e9 added.<\/p>\n<p>While successful compromises are outside of GreyNoise\u2019s visibility, malicious activity spotted by its sensors are continuing to pop off, according to Andrew Morris, the company\u2019s founder and chief architect.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cExploitation is still very high with the number of cumulative networks exploiting this vulnerability reaching all-time highs almost every single day since disclosure,\u201d he wrote in a <a href=\"https:\/\/www.linkedin.com\/posts\/andrew---morris_react2shell-continues-to-pop-off-by-our-count-activity-7406791119507914753-_bhd\/\">LinkedIn post<\/a> Tuesday. <\/p>\n<p>React2Shell has prompted widespread alarm in the two weeks since the vulnerability was first disclosed in the widely used application framework, and researchers expect the defect to have long-lasting impacts.<\/p>\n<p>Austin Larsen, principal analyst at GTIG, said the critical vulnerability will likely be one of the more consequential defects it observed under active exploitation this year.<\/p>\n<p>A debate that initially ensued in some industry circles over the seriousness and viable impact of the defect has effectively ended. <\/p>\n<p>\u201cExploitation timelines are shrinking from weeks to hours,\u201d Dan Perez, technology lead at GTIG, told CyberScoop. \u201cEvery new vulnerability presents a race against time. Every minute that a system remains unpatched is a minute that a threat actor can use that to their advantage, which gives organizations a razor-thin margin for error.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.8923444976077\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/react2shell-vulnerability-fallout-spreads\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>React2Shell fallout spreads to sensitive targets as public exploits hit<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1209,632,282,78,452,3729,4357,5177,3707,715,46,5684,256,288,183,4136],"tags":[668,633,286,86,454,3731,4359,5179,3708,720,54,5685,262,294,207,4140],"class_list":["post-8212","post","type-post","status-publish","format-standard","hentry","category-cisa","category-cloudflare","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-google-threat-intelligence-group","category-greynoise","category-microsoft-threat-intelligence","category-nation-state-threats","category-palo-alto-networks","category-ransomware","category-react2shell","category-research","category-threats","category-unit-42","category-vulncheck","tag-cisa","tag-cloudflare","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-google-threat-intelligence-group","tag-greynoise","tag-microsoft-threat-intelligence","tag-nation-state-threats","tag-palo-alto-networks","tag-ransomware","tag-react2shell","tag-research","tag-threats","tag-unit-42","tag-vulncheck"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloudflare\/\" rel=\"category tag\">Cloudflare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/greynoise\/\" rel=\"category tag\">greynoise<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-threat-intelligence\/\" rel=\"category tag\">Microsoft Threat Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nation-state-threats\/\" rel=\"category tag\">nation state threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/react2shell\/\" rel=\"category tag\">React2Shell<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unit-42\/\" rel=\"category tag\">Unit 42<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a>","tag_info":"VulnCheck","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8212"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8212\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8212,"date":"2025-12-17T16:59:59","date_gmt":"2025-12-17T22:59:59","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87193"},"modified":"2025-12-17T16:59:59","modified_gmt":"2025-12-17T22:59:59","slug":"react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/12\/17\/react2shell-fallout-spreads-to-sensitive-targets-as-public-exploits-hit-all-time-high\/","title":{"rendered":"React2Shell fallout spreads to sensitive targets as public exploits hit all-time high"},"content":{"rendered":"