Breaking 16:45 Fuel prices in France fall below €1.90 per litre as diesel and petrol ease after geopolitical tensions 16:30 Crans-Montana bar to be converted into youth space after deadly fire tragedy in Switzerland 16:17 Ebola outbreak in DR Congo reaches 304 deaths as cases surpass 1,100, health authorities report 16:15 Central African Republic declares cholera outbreak after 24 deaths in southern regions 16:08 Twelve arrested after violent street brawl in Tangier sparks police investigation in Morocco 16:00 Agadir hosts over 4,000 participants at RNI Youth Summer University as party mobilizes young supporters 15:45 US administration reportedly nears decision to restore Anthropic's Fable 5 AI model 15:33 France urges heightened vigilance as Burkina Faso cuts diplomatic ties in major geopolitical rupture 15:30 Morocco and China strengthen customs partnership with three new cooperation agreements 15:15 Bolivia ends 15-year dollar peg with flexible exchange rate to restore economic stability 15:00 Australia strengthens child social media ban with tougher penalties for tech companies 14:45 Kotak Mahindra Bank begins CEO succession process as Ashok Vaswani plans to step down 14:30 Porsche considers moving Cayenne SUV production from Slovakia to Germany 14:15 Small aircraft accidents in Beijing: A look back at two decades of aviation incidents 14:06 Mawazine 2026: Serge Beynaud Sets the Stage Ablaze in Rabat with an Explosive Performance 14:03 Lotfi Bouchnak at Mawazine: A Call for the Preservation of Arab Musical Heritage 14:00 Tiësto Electrifies Mawazine 2026 with a Spectacular Show in Rabat 14:00 Vespa celebrates 80 years with thousands of riders gathering in Rome 13:57 Mawazine 2026: Dee Dee Bridgewater's Jazz and Ty Dolla Sign's Energy Ignite Rabat 13:54 Mawazine 2026: Douzi and Cheb Khaled ignite Rabat in a memorable evening 12:00 Atlas Lions symbolize Morocco’s global identity and enduring sense of belonging 11:45 Morocco climbs in 2026 global children's rights index 11:36 United States temporarily eases sanctions on Venezuela to support earthquake relief efforts 11:22 Morocco highlights Africa’s voice at UN Charter anniversary celebrations 11:11 Morocco strengthens UN partnerships on artificial intelligence and South-South cooperation 11:00 Venezuela earthquake death toll rises to 920 as rescue efforts intensify 20:00 Finland lifts nuclear weapons ban as new defence law comes into force 19:41 Google launches Google Finance app for Android with AI-powered features 19:19 Shipping continues through Strait of Hormuz despite security concerns 19:00 Samsung launches Galaxy A27 5G with six years of software support 18:47 Neil El Aynaoui: From France to Rome, the Rise of Morocco’s Midfield Engine 18:38 Volkswagen plans major restructuring with job cuts and factory closures 18:18 Japan braces for twin tropical storms as injuries rise and flights are canceled 18:08 Ebola Outbreak in the Democratic Republic of the Congo Surpasses 300 Deaths 17:57 Putin Praises Veterans’ Resilience at Abilympics Championship in Kazan 17:30 National Lottery of Morocco Receives Dual International Recognition for Responsible Gaming 17:17 Yassine Bounou: The Moroccan Goalkeeper Who Redefined Modern Goalkeeping 17:05 Morocco’s Air Transport Sector Reaches Record Growth, Surpassing 12.3 Million Passengers

Microsoft rushes to contain critical React2Shell vulnerability amid global exploitation

Tuesday 16 December 2025 - 18:50
Microsoft rushes to contain critical React2Shell vulnerability amid global exploitation

Microsoft has issued an urgent security advisory to address a severe remote code execution (RCE) vulnerability known as React2Shell, which affects React Server Components and several Next.js versions. The flaw, tracked as CVE-2025-55182, has been classified with the highest severity score of 10.0 and is already being exploited in large-scale attacks compromising both Windows and Linux systems.

Widespread exploitation across multiple actors

Within days of disclosure, cybersecurity teams detected widespread exploitation of React2Shell by state-linked and criminal groups. Multiple threat intelligence divisions confirmed that the attacks originated largely from China-based entities, including organized campaigns led by advanced threat actors. These groups rapidly exploited the vulnerability to deploy remote access tools, cryptocurrency miners, and credential-stealing malware across cloud and enterprise networks.

Analysts reported that affected systems were often used to harvest credentials from cloud environments such as Azure, Google Cloud Platform, Amazon Web Services, and Tencent Cloud. Cybercriminals have also been injecting malicious scripts into legitimate cryptocurrency websites, compromising users' wallets and tokens. Tools like TruffleHog and Gitleaks were detected scanning repositories for sensitive information, including API keys and Kubernetes credentials.

Strong mitigation urged amid active campaigns

Microsoft is urging all developers and organizations to update immediately to React versions 19.0.1, 19.1.2, or 19.2.1 and compatible Next.js versions now patched against the flaw. The company has enhanced detection capabilities within Microsoft Defender XDR and rolled out automatic protections to block active exploitation attempts. Azure Web Application Firewall users can also implement preconfigured rules to halt malicious traffic temporarily while updates are deployed.

Security teams are advised to prioritize patching internet-exposed systems, rotate compromised credentials, and verify the integrity of any impacted container or virtual machine environments. Microsoft Defender for Cloud has added scanning features to identify vulnerable assets rapidly, offering vital visibility for organizations responding to this urgent threat.

Keywords:



Latest News
  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Newsletter

Subscribe now to the Walaw website newsletter to receive all the latest updates

Email address

Read more

Microsoft urges a balanced approach to artificial intelligence and the future of work Business Microsoft urges a balanced approach to artificial intelligence and the future of work
Chevron and Microsoft bet on natural gas to power artificial intelligence data centers Technology Chevron and Microsoft bet on natural gas to power artificial intelligence data centers
New Windows Defender zero-day enables system privileges escalation Technology New Windows Defender zero-day enables system privileges escalation
Microsoft pushes in-house AI as Anthropic costs come under scrutiny Technology Microsoft pushes in-house AI as Anthropic costs come under scrutiny

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.