CVE

4 articles tagged with "CVE"

ELLIO threat intelligence dashboard showing React2Shell activity across ports, countries, and time from Dec 2025 to Mar 2026 with color-coded heatmap visualization

Threat/Vulnerability News_March 19, 2026_3 min

React2Shell Update: Custom Go L7 DDoS Botnet

A single delivery IP has been exploiting React2Shell to distribute malware from an open directory. 31 binaries including a custom Go L7 DDoS botnet with Cloudflare token forgery, two Mirai variants across 13 CPU architectures, and a C2 server.

ELLIO Threat Research Lab

Infographic showing February 2026 credential-stuffing attack on Palo Alto GlobalProtect: 8,575 unique IPs, 3 attack waves, 48-hour duration. ELLIO branding at bottom.

CVENetwork Fingerprints

Threat/Vulnerability News_February 26, 2026_4 min

Coordinated Credential-Stuffing Campaign Targets Palo Alto GlobalProtect Portals

A coordinated credential-stuffing campaign hit GlobalProtect VPN portals with 8,575 IPs in 48 hours. Three attack waves, 78 targeted usernames, one password. Our team breaks down the timeline, infrastructure, fingerprints, and what defenders can do.

ELLIO Threat Research Lab

CVE

Threat/Vulnerability News_December 5, 2025_5 min

React2Shell in the Wild: Payload Analysis, Active Campaigns, and IoCs

The ELLIO sensor network has been tracking active exploitation of CVE-2025-55182 (React2Shell) in the wild. Here’s what we’re seeing.

ELLIO Threat Research Lab

CVE

Threat/Vulnerability News_November 26, 2025_4 min

From Scan to Exploit: Inside the Latest Cisco ASA/FTD Campaign

From reconnaissance to exploitation in just 48 hours. See how 75 IPs executed surgical, one-hit attacks on Cisco ASA/FTD devices - and how to disappear from target lists.

ELLIO Threat Research Lab