The React2Shell Crisis

The React2Shell Crisis

From State of Cybercrime by Varonis, Matt Radolec, David Gibson

December 15, 2025 · 23 min · Season 3 · Episode 32

About this episode

The episode discusses the React2Shell exploit and its implications for cybersecurity, including recent attacks and vulnerabilities.

React2Shell, the zero-click RCE exploit, is rapidly becoming one of the most significant cybersecurity incidents this year. From emergency patches causing a massive Cloudflare outage to active exploitation by China and North Korea-linked groups, this flaw may be the next Log4Shell moment for enterprises and developers alike. Join Matt and David for an episode of State of Cybercrime that breaks down how attackers are weaponizing this vulnerability and what organizations must do to stay safe. They will also dive into the Shai-hulud 2.0 assault on cloud infrastructure as well as the biggest DDoS attack ever recorded. More from Varonis ⬇️ Visit our website: https://www.varonis.com LinkedIn: linkedin.com/company/varonis X/Twitter: x.com/varonis Instagram: instagram.com/varonislife Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime More from Varonis ⬇️ Visit our website: https://www.varonis.com LinkedIn: https://www.linkedin.com/company/varonis X/Twitter: https://twitter.com/varonis Instagram: https://www.instagram.com/varonislife/

People in this episode

Hosts: Matt Radolec, David Gibson

Topics covered

  • cybersecurity
  • zero-click RCE exploit
  • cloud infrastructure
  • DDoS attacks
  • vulnerability exploitation

Keywords

  • React2Shell
  • zero-click exploit
  • cybersecurity incidents
  • Cloudflare outage
  • DDoS attack
  • vulnerability
  • China
  • North Korea

Mentioned in this episode

Organizations: Cloudflare, China, North Korea

More episodes of State of Cybercrime

Explore listener stats, chart rankings, contacts and more on the State of Cybercrime podcast page.