SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...
CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
HHS

Attackers Exploit Shellshock Bug

The recently discovered Shellshock - or Bash - vulnerability is being actively targeted by malware gangs, who appear to have already claimed more than 700 victims. See Also: Averting the Breach: 5 ...
ExtremeTech

Shellshock: A deadly new vulnerability that could lay waste to the internet (updated)

There's a new internet-crippling zero-vulnerability in town called Shellshock. It potentially affects around half of all websites on the internet (around 500 million), and millions or billions more ...
Bleeping Computer

New regreSSHion OpenSSH RCE bug gives root on Linux servers

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. OpenSSH is a suite of networking utilities based on the ...
VentureBeat

Spring Core vulnerability doesn’t seem to be Log4Shell all over again

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat. Security researchers at several organizations ...
VentureBeat

VMware says 3 Tanzu products impacted by Spring4Shell vulnerability

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More VMware disclosed on Saturday that three Tanzu products are “impacted” by ...