THREATOPS
THREAT OPSThreat News › React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Traffic

React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Traffic

lowgreynoise_blogPublished 2026-02-02

Two months after CVE-2025-55182 was disclosed on December 3, 2025, exploitation activity targeting React Server Components has consolidated significantly.

Indicators of compromise

Original source: https://www.greynoise.io/blog/react2shell-exploitation-consolidates