React2Shell attacks deliver diverse malware across cloud and web targets.

Security firms report that exploitation of the React2Shell vulnerability has rapidly expanded, with attackers delivering everything from cryptominers to advanced backdoors. The flaw affects React 19 systems using Server Components and has also exposed frameworks like Next.js and Waku. Cloud providers and researchers have seen widespread credential theft, persistent implants such as EtherRAT, and attempts to deploy BPFDoor, Cobalt Strike, and various Linux backdoors. Most attacks focus on internet‑facing Next.js and Kubernetes workloads, prompting CISA to accelerate its remediation deadline after confirming active exploitation.

Read more:

https://www.securityweek.com/wide-range-of-malware-delivered-in-react2shell-attacks/