Explore tweets tagged as #Log4Shell
@futurevuls
FutureVuls - Vulnerability management cloud with SSVC
5 days
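🚨 [Urgent explainer] React2Shell (CVE-2025-55182): a CVSS 10.0 vulnerability being watched as "the second coming of Log4Shell." Affects every organization using React/Next.js ⚠️ Why is it dangerous in the "default configuration"? ⚠️ What is the supply-chain risk lurking in the "blind spot"? We have explained the mechanism and countermeasures in depth 👇 https://t.co/nfMavKD5iZ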
0
15
24
@intigriti
Intigriti
5 months
Easiest way to test for Log4Shell (even in 2025) 🤠 Example 👇
1
20
164
@github
GitHub
2 months
The internet was on fire. 🔥 One small library affecting billions of systems. Log4Shell was the biggest security vulnerability of all time. Now, Log4J maintainer Christian Grobmeier tells us what it felt like inside the flames 👉 https://t.co/sORUhKAwBz
9
44
192
@intigriti
Intigriti
4 months
Exploiting Log4Shell in 2025 (complete guide) 😎 🧵👇
2
30
146
@CyberRaiju
Jai Minton
11 days
CVE-2025-55182 (React2Shell) pre-auth RCE is likely to have a long tail time similar to what Log4Shell Log4j injection and Telerik deserialisation vulnerabilities have had in the past. This is already being weaponised by threat actors with public POCs available. https://t.co/DbrEsfTSrS
3
14
87
@BradSmi
Brad Smith
2 months
In November 2021, a zero-day flaw in a widely used software library called Log4j allowed hackers to take full control of compromised devices through a simple application interface. This event crossed into mainstream headlines and became known as Log4Shell. Governments and
3
16
27
@SimoKohonen
Simo
8 days
Nice payloads... (it's a Log4Shell variant it seems)
5
4
57
@GitHubEducation
GitHub Education
2 months
“Ignorance will break all software.” Log4Shell’s one line of code broke the internet, and taught us all a lesson we can’t ignore. As Christian Grobmeier, maintainer of Log4J, puts it: "Learning is the only cure for ignorance. So just keep learning."
0
2
7
@Cyber_O51NT
Cyber_OSINT
22 days
APT41, a skilled threat actor since 2007, conducts cyber espionage and crime, targeting diverse sectors and exploiting vulnerabilities like Log4Shell within hours, maintaining long-term access for months or years. #CyberSecurity #APT41
1
7
23
@payloadartist
payloadartist
12 days
Four years ago in December 2021, we had Log4shell. Now in December 2025, we have React2shell. It's as widespread and bad, as in unauthenticated and RCE. A coincidence? 😂 #infosec #cybersecurity #bugbounty
0
0
10
@gf_256
cts🌸
13 days
thanksgiving 2021: log4shell thanksgiving 2025: react2shell some things never change...
@_sy1vi3
Sylvie
13 days
react2shell:11/29/25:lachlan2k:sy1vi3 sha256:18571097aedaec16f729c4227e1e508fe161d5d6b4256eec7d0525535ebb3fa0 https://t.co/7W0mKmGyRg
14
148
2K
@intigriti
Intigriti
6 months
For some bug bounty hunters, the Log4Shell hunt never truly ended... 😈 While most moved on, some researchers know this vulnerability is still hiding in production systems across the web, even today 👀 We just published a comprehensive guide showing exactly how to uncover
2
26
167
@rseroter
Richard Seroter
6 days
"According to Sonatype, roughly 13 percent of all Log4j downloads in 2025 were still for versions featuring the Log4Shell vulnerability; despite safe iterations being available for nearly four years." https://t.co/0r9FM8iXRg < crazy
1
8
14
@nav1n0x
N$
5 months
Guys, whoever is using my Log4Shell/Log4J payload from Pastebin, make sure to replace my token ( https://t.co/QQHGMkCpDs) with your own. I don’t mind though... 😅
7
13
198
@PunsCyber
cyber_security_puns
2 months
Flashback from Log4Shell!
0
1
3
@1336_0ff_by_0ne
1336_0ff_by_0ne
9 months
I worked with a local silkscreen artist to make these patches for Crowdstruck, MOVEit Transfer and Log4shell. In recognition of analysts and responders who handled these major incidents, working nights, weekends and holidays. I think of them as merit badges. Ready to be pinned or
0
4
15
@matrosov
Alex Matrosov
10 days
With Log4Shell, the hard part was separating real risk from just having Log4j around, lots of instances, fewer truly exploitable paths. React2Shell is different, if you’re on the affected React Server Components stack, assume exploitable. Closer to crown-jewel data, too.
0
7
34
@intigriti
Intigriti
5 months
💡 Tip! Injecting Log4Shell payloads is also possible in PDF files! eelyvy has a dedicated GitHub repository showing exactly how to craft your PDF payload file! 😎 🔗 https://t.co/fjMU9yOYje
2
96
405
@github
GitHub
2 months
Write your developer horror story in 5 words or less. 🎃 We'll go first: Remote code execution. https://t.co/sORUhKAwBz
12
12
75