Today — 11 December 2025

Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products

By: NSFOCUS
11 December 2025 at 02:21

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]

The post Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.

The post Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

Australia tests Israeli smart sights for counter-drone use

11 December 2025 at 04:03
Israeli defense firm SMARTSHOOTER has secured a contract to supply its SMASH 3000 fire control system for evaluation by the Australian Defence Force (ADF) under the LAND 156 LOE 2 project, the company announced on Thursday. The effort will assess the system’s suitability for integration into Australia’s dismounted counter-uncrewed aerial system (C-UAS) capabilities. In a […]

It didn’t take long: CVE-2025-55182 is now under active exploitation

11 December 2025 at 02:30

On December 4, 2025, researchers published details on the critical vulnerability CVE-2025-55182, which received a CVSS score of 10.0. It has been unofficially dubbed React4Shell, as it affects React Server Components (RSC) functionality used in web applications built with the React library. RSC speeds up UI rendering by distributing tasks between the client and the server. The flaw is categorized as CWE-502 (Deserialization of Untrusted Data). It allows an attacker to execute commands, as well as read and write files in directories accessible to the web application, with the server process privileges.

Almost immediately after the exploit was published, our honeypots began registering attempts to leverage CVE-2025-55182. This post analyzes the attack patterns and the malware that threat actors are attempting to deliver to vulnerable devices, and shares recommendations for risk mitigation.

A brief technical analysis of the vulnerability

React applications are built on a component-based model. This means each part of the application or framework should operate independently and offer other components clear, simple methods for interaction. While this approach allows for flexible development and feature addition, it can require users to download large amounts of data, leading to inconsistent performance across devices. This is the challenge React Server Components were designed to address.

The vulnerability was found within the Server Actions component of RSC. To reach the vulnerable function, the attacker just needs to send a POST request to the server containing a serialized data payload for execution. Part of the functionality of the handler that allows for unsafe deserialization is illustrated below:

A comparison of the vulnerable (left) and patched (right) functions

CVE-2025-55182 on Kaspersky honeypots

As the vulnerability is rather simple to exploit, the attackers quickly added it to their arsenal. The initial exploitation attempts were registered by Kaspersky honeypots on December 5. By Monday, December 8, the number of attempts had increased significantly and continues to rise.

The number of CVE-2025-55182 attacks targeting Kaspersky honeypots, by day

Attackers first probe their target to ensure it is not a honeypot: they run whoami, perform multiplication in bash, or compute MD5 or Base64 hashes of random strings to verify their code can execute on the targeted machine.

In most cases, they then attempt to download malicious files using command-line web clients like wget or curl. Additionally, some attackers deliver a PowerShell-based Windows payload that installs XMRig, a popular Monero crypto miner.

CVE-2025-55182 was quickly weaponized by numerous malware campaigns, ranging from classic Mirai/Gafgyt variants to crypto miners and the RondoDox botnet. Upon infecting a system, RondoDox wastes no time: its loader script immediately moves to eliminate competitors.

Beyond checking hardcoded paths, RondoDox also neutralizes the AppArmor and SELinux security modules and employs more sophisticated methods to find and terminate processes whose ELF files have been deleted from disk as a disguise.

Only after completing these steps does the script download and execute the main payload by sequentially trying three different loaders: wget, curl, and wget from BusyBox. It also iterates through 18 different malware builds for various CPU architectures, enabling it to infect both IoT devices and standard x86_64 Linux servers.

In some attacks, instead of deploying malware, the adversary attempted to steal credentials for Git and cloud environments. A successful breach could lead to cloud infrastructure compromise, software supply chain attacks, and other severe consequences.

Risk mitigation measures

We strongly recommend updating the relevant packages by applying patches released by the developers of the corresponding modules and bundles.
Vulnerable versions of React Server Components:

  • react-server-dom-webpack (19.0.0, 19.1.0, 19.1.1, 19.2.0)
  • react-server-dom-parcel (19.0.0, 19.1.0, 19.1.1, 19.2.0)
  • react-server-dom-turbopack (19.0.0, 19.1.0, 19.1.1, 19.2.0)

Bundles and modules confirmed as using React Server Components:

  • next
  • react-router
  • waku
  • @parcel/rsc
  • @vitejs/plugin-rsc
  • rwsdk

To prevent exploitation while patches are being deployed, consider blocking all POST requests containing the following keywords in parameters or the request body:

  • #constructor
  • #__proto__
  • #prototype
  • vm#runInThisContext
  • vm#runInNewContext
  • child_process#execSync
  • child_process#execFileSync
  • child_process#spawnSync
  • module#_load
  • module#createRequire
  • fs#readFileSync
  • fs#writeFileSync
  • fs#appendFileSync

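The two mitigations above, version audit and stopgap request filtering, as an added example that is not code from the Kaspersky post. Package names, versions and keywords come from the lists above; the last keyword is assumed to be the truncated "fs#appendFileSync", and the request shape and sample data are constructed.

```javascript
// Added example, not code from the Kaspersky post: two defender-side checks built
// from the mitigation lists above. Package names/versions and keywords come from the
// post; the final keyword is assumed to be the truncated "fs#appendFileSync".
const VULNERABLE_RSC_VERSIONS = ["19.0.0", "19.1.0", "19.1.1", "19.2.0"];
const VULNERABLE_PACKAGES = {
  "react-server-dom-webpack": VULNERABLE_RSC_VERSIONS,
  "react-server-dom-parcel": VULNERABLE_RSC_VERSIONS,
  "react-server-dom-turbopack": VULNERABLE_RSC_VERSIONS,
};

const BLOCKED_KEYWORDS = [
  "#constructor", "#__proto__", "#prototype",
  "vm#runInThisContext", "vm#runInNewContext",
  "child_process#execSync", "child_process#execFileSync", "child_process#spawnSync",
  "module#_load", "module#createRequire",
  "fs#readFileSync", "fs#writeFileSync", "fs#appendFileSync",
];

// Audit an installed-package map (name -> exact version, e.g. flattened from a
// lockfile) and return every RSC package pinned to a version the post lists.
function auditDependencies(installed) {
  const findings = [];
  for (const [name, version] of Object.entries(installed)) {
    const bad = VULNERABLE_PACKAGES[name];
    if (bad && bad.includes(version)) findings.push({ name, version });
  }
  return findings;
}

// Look for a blocked keyword in a text fragment. The raw text and its URL-decoded
// form are both checked so that "fs%23readFileSync" does not slip past the filter.
function findBlockedKeyword(text) {
  const variants = [text];
  try { variants.push(decodeURIComponent(text)); } catch (_) { /* not URL-encoded */ }
  for (const v of variants) {
    for (const kw of BLOCKED_KEYWORDS) {
      if (v.includes(kw)) return kw;
    }
  }
  return null;
}

// Stopgap request filter: only POST requests are inspected, in both the query
// string and the body, as the post recommends. Returns the decision and the
// keyword that triggered it so the event can be logged.
function shouldBlockRequest(req) {
  if (req.method !== "POST") return { block: false, keyword: null };
  const query = new URL(req.url, "http://localhost").search;
  for (const part of [query, req.body || ""]) {
    const kw = findBlockedKeyword(part);
    if (kw) return { block: true, keyword: kw };
  }
  return { block: false, keyword: null };
}

// Constructed sample data for a stand-alone run.
const sampleInstalled = { react: "19.1.1", "react-dom": "19.1.1", "react-server-dom-webpack": "19.1.1" };
const sampleRequests = [
  { method: "GET", url: "/?q=module%23_load", body: "" },          // not a POST: passes
  { method: "POST", url: "/", body: '{"title":"hello"}' },          // benign body: passes
  { method: "POST", url: "/", body: '{"ref":"module#_load"}' },     // keyword in body: blocked
  { method: "POST", url: "/?cb=fs%23readFileSync", body: "" },      // encoded keyword in query: blocked
];

console.log(auditDependencies(sampleInstalled));
for (const r of sampleRequests) console.log(r.method, r.url, shouldBlockRequest(r));
```

Keyword matching on raw and URL-decoded text is only a stopgap until the packages are updated; the audit is what confirms the exposure is gone.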
Conclusion

Due to the ease of exploitation and the public availability of a working PoC, threat actors have rapidly adopted CVE-2025-55182. It is highly likely that attacks will continue to grow in the near term.

We recommend immediately updating React to the latest patched version, scanning vulnerable hosts for signs of malware, and changing any credentials stored on them.

Indicators of compromise

Malware URLs

MD5 hashes

Strategy Calls For Withdrawal Of MSCI’s Exclusion Plan For Digital Asset Treasury Companies

11 December 2025 at 00:00

Strategy, formerly known as MicroStrategy, has expressed strong opposition to a proposal by the Morgan Stanley Capital International (MSCI) to exclude digital asset treasury companies (DATs) from its indexes. 

Calls For Fair Treatment Of Digital Asset Companies

In a recent letter signed by Michael Saylor and the firm’s CEO Phong Le, Strategy highlighted its support for MSCI’s efforts to establish consistent eligibility criteria across its indices. 

However, the company criticized the proposed threshold for excluding firms with more than 50% digital assets on their balance sheets, calling it “misguided.” The company argued that this measure could have negative implications not only for Strategy’s operations but also for the broader cryptocurrency market.

Strategy emphasized that, unlike traditional investment funds, it maintains the operational agility to adapt its value-creation strategies in tune with the evolving technology underlying Bitcoin. 

The firm asserts that this flexibility is a critical asset for investors and distinguishes Strategy and other DATs from traditional digital asset investment vehicles.

The firm likened its investment approach in a singular asset class to that of real estate investment trusts (REITs) or oil companies, stating that MSCI categorizes those entities correctly without labeling them as investment funds. Therefore, it argued, DATs should be afforded similar treatment.

‘Discriminatory And Arbitrary’

The letter criticized the proposed 50% digital asset threshold as “discriminatory and arbitrary,” suggesting that it imposes uniquely unfavorable conditions on digital asset companies while allowing other industries—like oil, timber, and real estate—to maintain concentrated asset holdings without similar scrutiny. 

Strategy raised concerns that enforcing this rule would necessitate MSCI to create new methods for measuring balance sheet concentration, complicating the indexing process unnecessarily due to varying accounting principles across asset classes and jurisdictions.

Additionally, Strategy elaborated on how the exclusion of DATs could substantially inhibit innovation within the digital asset industry, which the current administration strongly promotes as part of its economic strategy. 

The company said that digital assets like Bitcoin have the potential to become foundational elements of global financial systems, but the proposed measures could limit access to these transformative technologies for pension plans and 401(k)s, ultimately redirecting billions away from the sector.

Strategy cautioned that a hasty exclusion of DATs could be based on misconceptions about their business models, asserting that it reflects a misunderstanding of the nature of these entities. 

The firm advocated for a more measured approach similar to MSCI’s past handling of the “Communication Services” sector, which underwent extensive consultation and a thorough review before reorganizing traditional telecom, media, and internet companies.

Strategy Urges MSCI To Reconsider

If implemented, Strategy warns that MSCI’s proposal could lead to the delisting of numerous companies heavily involved in digital assets. JPMorgan analysts estimate that Strategy alone might face liquidations of up to $2.8 billion as a direct consequence of this exclusion.

Such a move is also expected to potentially distort market dynamics by incentivizing Bitcoin miners to sell their assets immediately instead of holding them as part of their business strategy.

In light of these concerns, Strategy urged MSCI to withdraw the proposal for excluding companies with over 50% digital asset holdings from its Global Investable Market Indexes. 

The firm asserted that the proposal is rooted in a flawed understanding of DATs and would impose conditions unaligned with national interests, particularly those advocating for the responsible growth of the digital asset space.

Strategy

As of this writing, the company’s stock, trading under the ticker symbol MSTR, is trading at $185. There has been almost no difference since Tuesday’s trading session amid consolidating crypto prices. 

Featured image from DALL-E, chart from TradingView.com 

Yesterday — 10 December 2025

Your Supercomputer Arrives in the Cloud

10 December 2025 at 22:00

For as long as there have been supercomputers, people like us have seen the announcements and said, “Boy! I’d love to get some time on that computer.” But now that most of us have computers and phones that greatly outpace a Cray 2, what are we doing with them? Of course, a supercomputer today is still bigger than your PC by a long shot, and if you actually have a use case for one, [Stephen Wolfram] shows you how you can easily scale up your processing by borrowing resources from the Wolfram Compute Services. It isn’t free, but you pay with Wolfram service credits, which are not terribly expensive, especially compared to buying a supercomputer.

[Stephen] says he has about 200 cores of local processing at his house, and he still sometimes has programs that run overnight. If your program already uses a Wolfram language and uses parallelism — something easy to do with that toolbox — you can simply submit a remote batch job.

What constitutes a supercomputer? You get to pick. You can just offload your local machine using a single-core 8GB virtual machine — still a supercomputer by 1980s standards. Or you get machines with up to 1.5TB of RAM and 192 cores. Not enough for your mad science? No worries, you can map a computation across more than one machine, too.

As an example, [Stephen] shows a simple program that tiles pentagons:

When the number of pentagons gets large, a single line of code sends it off to the cloud:

RemoteBatchSubmit[PentagonTiling[500]]

The basic machine class did the work in six minutes and 30 seconds for a cost of 5.39 credits. He also shows a meatier problem running on a 192-core 384GB machine. That job took less than two hours and cost a little under 11,000 credits (credit cost from just over $4/1000 to $6/1000, depending on how many you buy, so this job cost about $55 to run). If two hours is too much, you can map the same job across many small machines, get the answer in a few minutes, and spend fewer credits in the process.

Supercomputers today are both very different from old supercomputers and yet still somewhat the same. If you really want that time on the Cray you always wanted, you might think about simulation.

Solana Enters Bear Territory: Realized Loss Now Outweighs Profit

10 December 2025 at 22:00

On-chain data shows the Solana Realized Profit/Loss Ratio has dipped into the loss-taking zone recently, a sign that SOL liquidity has thinned.

Solana Liquidity Back At Levels Associated With Bear Markets

According to data from on-chain analytics firm Glassnode, Solana liquidity has recently contracted to levels that are typically witnessed in a bear market. There are many ways “liquidity” of a cryptocurrency can be assessed, but here, Glassnode has used the Realized Profit/Loss Ratio.

This indicator measures, as its name already implies, the ratio between the amount of profit and loss that the SOL investors as a whole are realizing through their transactions.

The metric works by going through the transaction history of each coin being sold on the network to see what price it was last moved at. If the previous transaction price was less than the latest selling price for any token, then the indicator considers its sale to have realized a net gain. Similarly, the metric adds transactions to the loss-taking category in the opposite case.

The exact amount of profit or loss realized in any transfer is naturally equal to the difference between the latest price and last selling value. The indicator adds up this value for both categories and determines the ratio.

Now, here is the chart shared by the analytics firm that shows the trend in the 30-day moving average (MA) of the Solana Realized Profit/Loss over the last few years:

Solana Realized Profit/Loss

As displayed in the above graph, the Solana Realized Profit/Loss witnessed a sharp spike during the price rally in September. This suggests that profit taking saw an explosion. The indicator maintained at high levels for a while, but following the price peak in October, its value went downhill fast.

In November, the Realized Profit/Loss breached below the 1 mark as SOL plummeted. A value less than 1 on the metric implies loss realization is outpacing profit taking. Since this breakdown, the indicator has only gone lower inside the loss-taking region, a sign investor capitulation has only been becoming more dominant.

Glassnode has noted that the trend signals “liquidity has contracted back to levels typically seen in deep bear markets.” During the 2022 bear market, Solana remained in these conditions for a few months before its price found a bottom.

It now remains to be seen whether the low liquidity will also persist for the cryptocurrency this time, or if the fall into the loss region is only a temporary one for the indicator.

SOL Price

Solana surged to $144 on Tuesday, but the coin has seen a fall back to $138.

Solana Price Chart

Volumetric Display With Lasers and Bubbly Glass

10 December 2025 at 19:00
King Tut, with less resolution than he's had since Deluxe Paint

There’s a type of dust-collector that’s been popular since the 1990s, where a cube of acrylic or glass is laser-etched in a three-dimensional pattern. Some people call them bubblegrams. While it could be argued that bubblegrams are a sort of 3D display, they’re more like a photograph than a TV. [Ancient] had the brainwave that since these objects work by scattering light, he could use them as a proper 3D video display by controlling the light scattered from an appropriately-designed bubblegram.

Appropriately designed, in this case, means a point cloud, which is not exactly exciting to look at on its own. It’s when [Ancient] adds the colour laser scanning projector that things get exciting. Well, after some very careful alignment. We imagine if this was to go on to become more than a demonstrator some sort of machine-vision auto-aligning would be desirable, but [Ancient] is able to conquer three-dimensional keystoning manually for this demonstration. Considering he is, in effect, projection-mapping onto the tiny bubbles in the crystal, that’s impressive work. Check out the video embedded below.

With only around 38,000 points, the resolution isn’t exactly high-def, but it is enough for a very impressive proof-of-concept. It’s also not nearly as creepy as the Selectric-inspired mouth-ball that was the last [Ancient] project we featured. It’s also a lot less likely to take your fingers off than the POV-based volumetric display [Ancient] was playing DOOM on a while back.

For the record, this one runs the same DOOM port, too; it’s using the same basic code as [Ancient]’s other displays, which you can find on GitHub under an MIT license.

Thanks to [Hari Wiguna] for the tip.

This cool delivery robot is coming soon to a U.S. city

10 December 2025 at 19:35

Most street-based delivery robots take the form of a compact, wheel-based vehicle with a secure compartment for the item that’s out for delivery. But one major issue affects such contraptions: They can’t handle things like stairs, rough ground, or other challenging terrain, a fact that prevents them from trundling right up to someone’s front door. […]

The post This cool delivery robot is coming soon to a U.S. city appeared first on Digital Trends.

Pundit Explains What Happened With The XRP-Solana Integration

10 December 2025 at 18:00

The unexpected “589” post from Solana’s official X account quickly opened up new discussions about whether something significant is forming between Solana and the XRP ecosystem. One of the reactions came from a community figure known as Cobb, who openly wondered if Ripple had just secured a major deal with Solana.

Nothing official has been announced, but a detailed breakdown from crypto commentator SonOfaRichard has brought clearer context to the situation. His explanation outlines what may be taking shape with the XRP-Solana connection and why the two networks could end up working together in a structured way.

Solana And XRPL Operate On Opposite Ends

In his response, SonOfaRichard noted how we’ve seen talk of Solana and XRPL integrations for a while, but then things went quiet. The pundit explained that Solana and the Ledger are often seen as competitors, yet their strengths sit in completely different areas.

Solana is known for dominating the consumer-facing side of crypto for fast applications, active DeFi projects, and high-volume execution. What it lacks is corridor depth in regulated markets, a strong connection to compliant liquidity.

XRP and the XRPL fill that gap. Ripple focuses on enterprise channels, settlement, compliance, and liquidity, while the Ledger acts as the underlying banking layer that institutions depend on.

This creates a situation where Solana brings the activity and the audiences, and the Ledger brings the settlement and regulatory foundation. Rather than overlapping or competing, the two ecosystems form a natural and optimal design pair: one pushes value into the economy, and the other provides the framework that allows that value to move safely and at scale.

Another major part of the pundit’s explanation is also the role of RLUSD, Ripple’s regulated USD stablecoin. Solana, despite its massive activity, does not yet have a strong, compliant USD pathway. 

RLUSD could fill that need, acting as the channel through which consumer activity on Solana connects to regulated corridors worldwide. Under that arrangement, XRP becomes the collateral and final settlement layer sitting beneath both networks.

Explaining The “589” Message

The strong reaction to the post came from the fact that “589” is a well-known marker in the community. Solana followed it with another post showing the number in Morse code, paired with the flags of Solana, XRP, and Bitcoin, along with the caption “Time to flip the switch,” and even tagged Ripple’s CTO, David Schwartz.

Together, those posts have had more than six million views, making them the most-engaged content Solana has ever shared on the platform. The attention stemmed from the history of “589” itself, a number tied to long-running XRP memes and bold price expectations that have circulated within the community for years. Even so, there is still nothing concrete to confirm deeper intentions, and the posts could simply be part of a broader social media strategy.

XRP
