Breaking 17:00 Sudan: first commercial flight lands in Khartoum after nearly three years 16:40 Venezuela: human rights activist Javier Tarazona freed after over four years in prison 16:20 Saint-Gobain Sekurit centralizes European automotive glass rework in Kenitra, Morocco 16:00 DRC: landslide at Rubaya mine could leave at least 200 dead, authorities fear 15:40 Ukraine: Russian strike hits maternity hospital in Zaporizhzhia, six injured 15:20 Jewish school in Paris vandalized overnight, religious plaque destroyed 15:00 Tetouan schools closed on Monday due to severe weather 14:40 Waymo aims to raise 16 billion dollars to expand autonomous vehicle services 14:20 New car sales in France down 6.55% in January 14:20 Team of the week: from Nador to Ksar El Kebir, the test of action 14:00 Preventive evacuations ordered in Sidi Kacem amid rising sebour river levels 13:40 Crans-montana fire death toll rises to 41 after victim dies from injuries 13:20 Joseph Aoun visits Spain on official trip 13:00 Fuel prices rise again in Morocco as diesel and gasoline costs increase 12:40 Moroccan lawyers intensify strike, paralyzing courts 12:20 Floods hit Ksar El Kebir: army and rescue teams evacuate residents 12:00 Türkiye expresses condolences over deadly landslide in DR Congo 11:40 Rafah crossing in Gaza reopens with severe restrictions 11:20 Turkey bus accident kills eight, injures 26 11:00 Türkiye condemns deadly terrorist attacks in Pakistan’s Balochistan province 10:40 Saudi Arabia-Pakistan defense pact will not include Turkey 10:20 New winter storm hits the United States 10:00 Iran labels European armies “terrorist” in retaliation for EU measures 09:40 Controversial speed camera near Italian border: Ventimiglia found guilty of abusive procedure 09:20 Capgemini to sell subsidiary working with US immigration agency ICE 09:00 Ukraine: two killed in Russian drone strike on Dnipro 08:40 Trump says Iran is “talking to us” amid rising tensions 08:20 Switzerland: dozens killed in bar fire at Crans-Montana ski resort 07:56 Majority bloc backs Nouri al-Maliki for prime minister despite Trump warnings

Microsoft rushes to contain critical React2Shell vulnerability amid global exploitation

Tuesday 16 December 2025 - 18:50
Microsoft rushes to contain critical React2Shell vulnerability amid global exploitation

Microsoft has issued an urgent security advisory to address a severe remote code execution (RCE) vulnerability known as React2Shell, which affects React Server Components and several Next.js versions. The flaw, tracked as CVE-2025-55182, has been classified with the highest severity score of 10.0 and is already being exploited in large-scale attacks compromising both Windows and Linux systems.

Widespread exploitation across multiple actors

Within days of disclosure, cybersecurity teams detected widespread exploitation of React2Shell by state-linked and criminal groups. Multiple threat intelligence divisions confirmed that the attacks originated largely from China-based entities, including organized campaigns led by advanced threat actors. These groups rapidly exploited the vulnerability to deploy remote access tools, cryptocurrency miners, and credential-stealing malware across cloud and enterprise networks.

Analysts reported that affected systems were often used to harvest credentials from cloud environments such as Azure, Google Cloud Platform, Amazon Web Services, and Tencent Cloud. Cybercriminals have also been injecting malicious scripts into legitimate cryptocurrency websites, compromising users' wallets and tokens. Tools like TruffleHog and Gitleaks were detected scanning repositories for sensitive information, including API keys and Kubernetes credentials.

Strong mitigation urged amid active campaigns

Microsoft is urging all developers and organizations to update immediately to React versions 19.0.1, 19.1.2, or 19.2.1 and compatible Next.js versions now patched against the flaw. The company has enhanced detection capabilities within Microsoft Defender XDR and rolled out automatic protections to block active exploitation attempts. Azure Web Application Firewall users can also implement preconfigured rules to halt malicious traffic temporarily while updates are deployed.

Security teams are advised to prioritize patching internet-exposed systems, rotate compromised credentials, and verify the integrity of any impacted container or virtual machine environments. Microsoft Defender for Cloud has added scanning features to identify vulnerable assets rapidly, offering vital visibility for organizations responding to this urgent threat.

Keywords:



Latest News
  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Newsletter

Subscribe now to the Walaw website newsletter to receive all the latest updates

Email address

Read more

Microsoft loses $357 billion in second-largest single-day market drop Economy Microsoft loses $357 billion in second-largest single-day market drop
Investors shift to value stocks amid AI-driven inflation fears Economy Investors shift to value stocks amid AI-driven inflation fears
Microsoft commits $17.5 billion to accelerate AI adoption across India Technology Microsoft commits $17.5 billion to accelerate AI adoption across India
Alphabet overtakes Microsoft to become world’s third-largest company driven by cloud and AI growth Technology Alphabet overtakes Microsoft to become world’s third-largest company driven by cloud and AI growth

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.