Swissky (@pentest_swissky)'s Twitter Profile
Swissky

@pentest_swissky

RedTeam | Pentest
Author of PayloadsAllTheThings & SSRFmap
github.com/swisskyrepo

ID: 791188064

https://linktr.ee/swissky
30-08-2012 09:10:37

12,12K Tweets

19,19K Followers

1,1K Following

React (@reactjs)

There is a critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. react.dev/blog/2025/12/0…

pyn3rd (@pyn3rd)

And it turns out the PoC was fake — it was generated by LLMs. The surprising part is that the latest version can still be exploited, and the genuine vulnerability doesn’t rely on constraints like child_process.exec or fs.writeFile. The details above are as cited by the

shubs (@infosec_au)

Our Security Research team at Searchlight Cyber just published a high-fidelity detection mechanism for the Next.js/RSC RCE (CVE-2025-55182 & CVE-2025-66478) - slcyber.io/research-cente…. There are a lot of PoCs on GitHub that are adding noise to the problem; I hope this helps people!

Root-Me (@rootme_org)

🎄 New Root-Xmas Challenge 🎄 ✨ Today, try decrypting a gift for the community! 📌 Submitted by : nikost 🔗 Details & participation here: ctf.xmas.root-me.org Good luck to you all! 🎅

🕳 (@sekurlsa_pw)

🐧KrbNixPwn ⬇️github.com/onSec-fr/KrbNi… Linux Kerberos tool in bash. Should run out of the box on most Linux systems. Has 2 modes: 🔹Dump Extract all Linux Kerberos backend cache formats: FILE, DIR, KCM, KEYRING. 🔹Monitor Rubeus like monitor mode.

Nagli (@galnagli)

This is the most reliable public detection (at this time) to indicate whether a machine is actually exploitable to CVE-2025-55182 / React2Shell without invoking the RCE and limited FP's. It triggers an internal error and validates the vulnerable version cloud.projectdiscovery.io/library/CVE-20…

SpecterOps (@specterops)

Ghostwriter v6.1 is out! 🐕 Full BloodHound integration 📝 Collaborative project notes 📑 Improved caption editor 🌙 Dark mode support 🔐 SSO/MFA & usability upgrades ʎppɐɯɔ breaks down how 6.1 streamlines assessment + reporting. ⬇️ ghst.ly/gwv61-tw

Malte Ubl (@cramforce)

We introduced a dedicated HackerOne program for Vercel WAF bypasses for CVE-2025-55182 / react2shell Critical bypass: $50K hackerone.com/vercel_platfor…

Justin Elze (@hackinglz)

I forgot this was a thing till some random phishing emails landed today IPv4 mapped IPv6 addresses notes.networklessons.com/ipv6-ipv4-mapp…

Vitor Falcão "busfactor" (@busf4ctor)

Guess what was vulnerable to the new React RCE? All my side projects created with Google's AI Studio, including BugBountyDaily.com! Logan Kilpatrick, any way to avoid this in the future? Maybe automated patches or daily builds that automatically update imported packages to

Ben Sadeghipour (@nahamsec)

We are 10 days away from #NahamCon2025 Winter Edition ❄️ Two full days packed with workshops, talks, AMAs, and nonstop hacking 🔥 📆 December 17 to 18 ℹ️ Get all the details 👉🏼 nahamcon.com

Guillermo Rauch (@rauchg)

Vercel Firewall has blocked: ▪️ ~6MM exploit attempts (all-time) ▪️ 2.3MM in the last 24h ▪️ 18K unique attacking IPs ▪️ 500+ exploit scanners Kudos to our CDN & Security teams working day & night to protect the internet from React2Shell attacks. Our WAF continues to get

Malte Ubl (@cramforce)

We want to thank the hackerone community for an incredible collaboration over the weekend. They discovered a total of 15 unique issues, leading to an expected payout of $750K. Our eng team has hardened the WAF as issues were discovered, and the last "flag capture" was 20 hours