This SmarterMail vulnerability allows Remote Code Execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...
Dark Reading

RondoDox Botnet Expands Scope With React2Shell Exploitation

Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining and other malicious activity to ...

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...

Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions

Predator has remained available through the Intellexa spyware consortium despite US sanctions imposed in 2024 on ...
The Hacker News

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability allowing unauthenticated remote code execution via file upload ...
The Hacker News

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...