RondoDox Botnet Exploits React2Shell Flaw to Hijack IoT Devices and Servers

January 1, 2026 at 09:19 AM

•

1 min read

RondoDox Botnet Exploits React2Shell Flaw to Hijack IoT Devices and Servers — Photo: The Hacker News

TL;DR Summary

Cybersecurity researchers have uncovered a nine-month campaign where the RondoDox botnet exploited the critical React2Shell vulnerability (CVE-2025-55182) to hijack IoT devices and web servers, deploying malware, cryptocurrency miners, and Mirai variants, with the threat still active as of December 2025. Organizations are urged to update vulnerable software, segment IoT devices, and enhance monitoring to prevent infection.

Topics:business #botnet #iot-security #network-security #react2shell #rondodox #vulnerability-exploitation

Share this article

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers The Hacker News
Best of 2025: CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability Security Boulevard
59K Servers Hacked in 48 Hours: Inside Operation PCPcat eSecurity Planet
React2Shell under attack: RondoDox Botnet spreads miners and malware Security Affairs
React2Shell, Shai-Hulud 2.0, Gogs Zero-Day & Tika RCE wiz.io

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

87%

429 → 56 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights