⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week's stories...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React2Shell CVE-2025-55182 Exploit Tool A proof-of-...

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 CVSS score: 10.0, affects the React Server...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js RCE Patcher CVE-2025-55182 A simple, automated tool...

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components RSC within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 CVSS score: 10.0, aka React2Shell, which allows unauthenticated remot...