React2Shell Attacks Linked to North Korean Hackers
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT. The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.
Some of the attacks exploiting the recently emerged React vulnerability dubbed React2Shell appear to have been conducted by North Korean threat actors, according to cybersecurity firm Sysdig.
The React2Shell vulnerability, officially tracked as CVE-2025-55182, can be exploited for unauthenticated remote code execution. The flaw impacts version 19 of the React open source library for creating application user interfaces.
In addition to React, CVE-2025-55182 impacts other related frameworks, including Next.js, Waku, React Router, and RedwoodSDK.
Source: https://www.securityweek.com/react2shell-attacks-linked-to-north-korean-hackers/
Related breach coverage
- Exploitation of React2Shell Surges (2025-12-08)
An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post Exploitation of React2Shell Surges appeared first on SecurityWeek.
- Chinese Hackers Exploiting React2Shell Vulnerability (2025-12-05)
AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek.
- North Korean Hackers Target High-Profile Node.js Maintainers (2026-04-06)
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
- New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea (2025-12-10)
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability, CVE-2025-55182, is a pre-authentication remote code execution issue in React […]
