Active Telescope Reveals Global React2Shell Exploit Campaign

Researchers used an active network telescope—a set of routable IP addresses that respond to unsolicited traffic—to capture and dissect internet‑scale abuse of the React2Shell vulnerability. By probing the telescope, they observed thousands of malicious connection attempts, identified the geographic sources of the attacks, classified victim host types, and tracked how the campaign evolved over weeks and months.

The findings show that React2Shell continues to be weaponized at scale, compromising a diverse range of web servers and giving attackers remote shell access. Defenders must prioritize patching affected libraries, enhance outbound traffic monitoring for anomalous beaconing, and incorporate telescope‑derived indicators of compromise into threat‑intel feeds to detect and block ongoing exploitation.

Categories: Vulnerabilities & Exploits, Threat Intelligence

Source: Read original article