Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers

CentryNex

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure.
Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX

SOURCE:

Share the Post:

Related News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law