Post · bonfire.cafe

⚠️ update on #React2Shell:

After the POC dropped ~21:04 GMT today, Fastly detected a profound proliferation in the number of requests triggering our NGWAF signal for React2Shell (see the graph).

We strongly recommend you immediately prioritize identifying and updating your React & Next.js apps.

At this time, anyone who has neither patched nor applied proactive protection should assume their vulnerable systems are potentially compromised in ways they cannot predict.
https://hachyderm.io/@shortridge/115663892585649723

Area chart displaying hourly volume of requests triggering Fastly's NGWAF signals for CVEs 2025-55182 & 2025-66478. The chart shows no signals prior to 7pm GMT, a small spike between 7-9pm GMT, followed by a spike at 10pm GMT, and a massive spike at 11pm GMT.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.8 no JS en

Automatic federation enabled