Threat Research

    Since December 2025, multiple incidents in Japan have been linked to the exploitation of React2Shell (CVE-2025-55182), a remote code execution flaw affecting React and Next.js applications. While most attacks deployed coin miners, investigators identified a previously undocumented malware named ZnDoor....
    Identifies suspicious child processes launched by Node.js server processes on Windows, which may signal exploitation of vulnerabilities such as CVE-2025-55182 (React2Shell)....
    On December 3, 2025, a critical unauthenticated RCE vulnerability in React Server Components, tracked as CVE-2025-55182 (“React2Shell”), was publicly disclosed. Shortly thereafter, the team observed widespread exploitation by diverse threat actors, from cybercriminals to suspected espionage groups....