

React2Shell: Now With 90% Less Authentication!
CVE-2025-55182 is a critical unauthenticated remote-code-execution flaw affecting React Server Components and downstream frameworks such as Next.js, enabling attackers to execute arbitrary code on vulnerable servers.
3 hours ago · 22 min read


How to Lose Crypto and Alienate Developers: A Guide by OtterCookie
OSINT reporting indicates that North Korean state-sponsored operators are running the “Contagious Interview” campaign, using malicious npm packages, GitHub and Vercel infrastructure, and the OtterCookie malware family to compromise blockchain and Web3 developers, exfiltrate credentials and wallet data, and remotely control infected systems for digital asset theft and espionage.
3 days ago · 21 min read


The Ministry of Just Kidding: How Bloody Wolf Turns PDFs into Remote Control
“Bloody Wolf” is actively expanding spear-phishing campaigns across Central Asia by impersonating Ministries of Justice and using custom JAR loaders to deploy the legitimate NetSupport RAT for persistent remote access and low-profile operations.
3 days ago · 16 min read


TA569’s Fake Update Pop-Up: Now Featuring a Cameo by Russian Intelligence
Arctic Wolf Labs reports that RomCom, a Russian-aligned threat group, was observed delivering its Mythic Agent loader through the SocGholish framework for the first time, targeting a U.S. engineering firm with ties to Ukraine.
Nov 26 · 18 min read