GreyNoise: Two IPs now generate 56% of all CVE-2025-55182 exploitation traffic. One deploys cryptominers. The other opens reverse shells. We dug into the infrastructure. What we found goes back to 2020.

See full post

GreyNoise greynoise.io
Two IPs now generate 56% of all CVE-2025-55182 exploitation traffic. One deploys cryptominers. The other opens reverse shells. We dug into the infrastructure. What we found goes back to 2020.
React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Traffic

Two months after CVE-2025-55182 was disclosed on December 3, 2025, exploitation activity targeting React Server Components has consolidated significantly.

greynoise.io
Feb 3, 2026 21:04
0 reposts 0 quotes 0 likes

View on Bluesky Show all post labels

An unhandled error has occurred. Reload 🗙