Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.

Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device. The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication. Affected Devices The issues were ver