React2Shell exploitation now enables persistent access via EtherRAT’s blockchain-based C2.

https://www.technadu.com/react2shell-exploitation-evolves-into-persistent-access-threat/615626/

• Unauthenticated RCE via CVE-2025-55182
• EtherRAT instructions hidden inside Ethereum smart contracts
• Gov + cloud + critical-infrastructure orgs selectively targeted
• Unique per-host payloads hinder signature detection
• Monitor Node.js anomalies + Ethereum RPC activity

#React2Shell #CVE202555182 #EtherRAT #CyberSecurity #ThreatIntel #NextJS #AppSec

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker.

BleepingComputer

North Korea‑linked hackers now using new “EtherRAT” malware to exploit critical #React2Shell vulnerability in active campaigns.

Read: https://hackread.com/north-korean-hackers-etherrat-malware-react2shell/

#EtherRAT #Cybersecurity #NorthKorea #Malware #Vulnerability

North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits
