Author: admin

  • ‘Camp Rock 3’ Teaser: A New Generation of Camp Rockers Vies to Become the Opening Act for Connect 3

    Today, Disney revealed the first teaser for the highly anticipated Camp Rock 3, coming to Disney+ and Disney Channel in Summer 2026. The teaser includes a first look at the Jonas Brothers’ return as Connect 3 and the new…

  • A New Era of Foldables: Samsung’s Galaxy Z TriFold Is Coming to the US Early Next Year

    After months of teasing a triple-display foldable phone, Samsung is gearing up to launch what it’s calling the Galaxy Z TriFold — because foldables with just one hinge are so last year. 

    The phone is slated to become available first in Korea…

  • Russia blocks Snapchat and restricts Apple’s FaceTime, state officials say | Snapchat

    Russian authorities blocked access to Snapchat and imposed restrictions on Apple’s video calling service FaceTime, the latest step in an effort to tighten control over the internet and communications online, according to state-run news agencies and the country’s communications regulator.

    State internet regulator Roskomnadzor alleged in a statement that both apps were being “used to organize and conduct terrorist activities on the territory of the country, to recruit perpetrators (and) commit fraud and other crimes against our citizens.” Apple did not respond to an emailed request for comment, nor did Snap Inc.

    The Russian regulator said it took action against Snapchat 10 October, even though it only reported the move on Thursday. The moves follow restrictions against Google’s YouTube, Meta’s WhatsApp and Instagram, and the Telegram messaging service, itself founded by a Russian-born man, that came in the wake of Vladimir Putin’s invasion of Ukraine in 2022.

    Under Vladimir Putin, authorities have engaged in deliberate and multi-pronged efforts to rein in the internet. They have adopted restrictive laws and banned websites and platforms that don’t comply. Technology also has been perfected to monitor and manipulate online traffic.

    Access to YouTube was disrupted last year in what experts called deliberate throttling of the widely popular site by the authorities. The Kremlin blamed YouTube owner Google for not properly maintaining its hardware in Russia.

    While it’s still possible to circumvent some of the restrictions by using virtual private network services, those are routinely blocked, too.

    Authorities further restricted internet access this summer with widespread shutdowns of cellphone internet connections. Officials have insisted the measure was needed to thwart Ukrainian drone attacks, but experts argued it was another step to tighten internet control. In dozens of regions, “white lists” of government-approved sites and services that are supposed to function despite a shutdown have been introduced.

    The government also has acted against popular messaging platforms. Encrypted messenger Signal and another popular app, Viber, were blocked in 2024. This year, authorities banned calls via WhatsApp, the most popular messaging app in Russia, and Telegram, a close second. Roskomnadzor justified the measure by saying the two apps were being used for criminal activities.

    At the same time, authorities actively promoted a “national” messenger app called Max, which critics see as a surveillance tool. The platform, touted by developers and officials as a one-stop shop for messaging, online government services, making payments and more, openly declares it will share user data with authorities upon request. Experts also say it does not use end-to-end encryption.

    Earlier this week, the government also said it was blocking Roblox, a popular online game platform, saying the step aimed at protecting children from illicit content and “pedophiles who meet minors directly in the game’s chats and then move on to real life.” Roblox in October was the second most popular game platform in Russia, with nearly 8 million monthly users, according to media monitoring group Mediascope.

    Stanislav Seleznev, cyber security expert and lawyer with the Net Freedom rights group, said that Russian law views any platform where users can message each other as “organizers of dissemination of information”.

    This label mandates that platforms have an account with Roskomnadzor so that it could communicate its demands, and give Russia’s security service, the FSB, access to accounts of their users for monitoring; those failing to comply are in violation and can get blocked, Seleznev said.

    Seleznev estimated that possibly tens of millions of Russians have been using FaceTime, especially after calls were banned on WhatsApp and Telegram. He called the restrictions against the service “predictable” and warned that other sites failing to cooperate with Roskomnadzor “will be blocked – that’s obvious”.

  • Netflix Director Spending Spree Included 480 Food Deliveries: FBI

    In March of 2020, Netflix infused $11 million into a production company to complete the first season of “White Horse,” a futuristic sci-fi series it hoped to bring to its platform.

    Carl Rinsch — the director,…

  • Streaming Ratings Nov. 3-9, 2025

    Guillermo del Toro’s Frankenstein came to life with a strong opening weekend on Netflix.

    The film starring Oscar Isaac and Jacob Elordi topped Nielsen’s streaming charts for the week of Nov. 3-9 with 1.26 billion…

  • The 56 Best-Dressed People at GQ’s Men of the Year 2025 Parties Across the Globe

    The annual GQ Men of the Year bash isn’t just a local celebration—it’s a worldwide phenomenon.

    Kicking things off with GQ US’s toast to its 30th annual MOTY party at the Chateau Marmont in West Hollywood, our global editions kept the party…

  • MIO: Memories in Orbit: MIO: Memories In Orbit Sets Course for January 20, 2026

    New trailer revealed the release date for the upcoming indie metroidvania with captivating new images during the PC Gaming Show.

    Following the reveal of the game’s demo, today Focus Entertainment and Douze Dixiemes are excited…

  • Critical Vulnerabilities in React Server Components and Next.js

    Executive Summary

    On Dec. 3, 2025, researchers publicly disclosed critical remote code execution (RCE) vulnerabilities in the Flight protocol used by React Server Components (RSC). These vulnerabilities are tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), which have been assigned a maximum severity rating of CVSS 10.0.

    The flaw allows unauthenticated attackers to execute arbitrary code on the server via insecure deserialization of malicious HTTP requests. Testing indicates the exploit has near-100% reliability and requires no code changes to be effective against default configurations. There have been no reports of exploitation in the wild as of Dec. 3, 2025.

    React is heavily used in enterprise environments: roughly 40% of all developers use it, while approximately 18%-20% use Next.js, making Next.js the leading server-side framework for the React ecosystem.

    Palo Alto Networks Cortex Xpanse has identified the presence of over 968,000 React and Next.js instances in our telemetry.

    These vulnerabilities impact the React 19 ecosystem and frameworks that implement it. Specifically, they affect the following versions:

    • React: Versions 19.0, 19.1, and 19.2
    • Next.js: Versions 15.x and 16.x (App Router), as well as Canary builds starting from 14.3.0
    • Other frameworks: Any library bundling the react-server implementation, including React Router, Waku, RedwoodSDK, Parcel and Vite RSC plugins

    Palo Alto Networks customers receive protections from and mitigations for CVE-2025-55182 and CVE-2025-66478 in the following ways:

    • Cortex XDR and XSIAM agents help protect against post-exploitation activities using the multi-layer protection approach.

    Palo Alto Networks also recommends upgrading to the following hardened versions immediately:

    • React: Upgrade to 19.0.1, 19.1.2, or 19.2.1
    • Next.js: Upgrade to the latest stable patched versions, including 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9 or 15.0.5

    The Unit 42 Incident Response team can be engaged to help with a compromise or to provide a proactive assessment to lower your risk.

    Details of the Vulnerabilities: CVE-2025-55182 (React) and CVE-2025-66478 (Next.js)

    CVE-2025-55182 (React) and CVE-2025-66478 (Next.js) are classified as Critical (CVSS 10.0) and are caused by insecure deserialization within the RSC architecture, specifically involving the Flight protocol.

    The vulnerabilities reside in the react-server package and its implementation of the RSC Flight protocol. They are a logical deserialization flaw in which the server processes RSC payloads unsafely.

    When a server receives a specially crafted, malformed HTTP payload (typically through data delivered in a POST request), it fails to correctly validate the structure of the data. Because of this insecure deserialization, the server allows attacker-controlled data to influence server-side execution logic.

    This results in RCE, allowing an attacker to execute arbitrary privileged JavaScript code on the server.

    Attack Vector and Exploitability

    • Attack complexity: The attack complexity is low. It requires no user interaction and no privileges (unauthenticated).
    • Target endpoints: The attack targets React Server Function endpoints.
      • Critical nuance: Even if an application does not strictly implement or use React Server Functions, it remains vulnerable if the application supports React Server Components generally.
    • Reliability: Testing has shown the exploit has near-100% reliability.
    • Default configuration: The vulnerabilities are present in default configurations. For example, a standard Next.js application created with create-next-app and built for production is exploitable without any code changes by the developer.

    Specific Affected Components

    While generally described as affecting React and Next.js, the vulnerabilities technically exist within specific underlying packages that handle server-side rendering and module loading.

    Affected Packages

    The vulnerabilities are present in versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 of the following packages:

    • react-server-dom-webpack
    • react-server-dom-parcel
    • react-server-dom-turbopack

    Affected Framework Implementations

    Any framework bundling these packages is affected:

    • Next.js: Versions 15.x and 16.x (App Router), as well as Canary builds starting from 14.3.0-canary.77
    • Other ecosystems: React Router, Waku, RedwoodSDK, Parcel and the Vite RSC plugin are all affected if they use the vulnerable React packages

    Interim Guidance

    Required actions: Immediate patching is the only definitive mitigation.

    Engineering and security teams should upgrade to the following hardened versions immediately:

    • React: Upgrade to 19.0.1, 19.1.2, or 19.2.1
    • Next.js: Upgrade to the latest stable patched versions, including 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9 or 15.0.5
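
    The version lists above can be applied directly to a lockfile. The following is an added example, not code from Unit 42 or from the React or Next.js projects: it classifies `next` and `react-server-dom-*` entries in a package-lock.json `packages` map using only the affected and patched versions this brief lists. The function names and the sample lockfile are constructed for illustration, and any release line the brief does not list is reported as `review` rather than guessed.

```javascript
// Version tables copied from this brief: lowest patched patch-level per line.
const FIXED = {
  rsc: { "19.0": 1, "19.1": 2, "19.2": 1 },
  next: { "16.0": 7, "15.5": 7, "15.4": 8, "15.3": 6, "15.2": 6, "15.1": 9, "15.0": 5 },
};
const RSC_PKGS = new Set([
  "react-server-dom-webpack", "react-server-dom-parcel", "react-server-dom-turbopack",
]);

// Returns "vulnerable" | "patched" | "review" | "not-listed" for one version.
function classify(kind, version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-(.+))?$/.exec(version);
  if (!m) return "review"; // unparseable: have a human look
  const [major, minor, patch] = [m[1], m[2], m[3]].map(Number);
  const pre = m[4];
  if (kind === "next" && major === 14) {
    // Only canary builds from 14.3.0-canary.77 onward are listed as affected.
    const c = /^canary\.(\d+)$/.exec(pre || "");
    return minor === 3 && patch === 0 && c && Number(c[1]) >= 77 ? "vulnerable" : "not-listed";
  }
  const inRange = kind === "next" ? major === 15 || major === 16 : major === 19;
  if (!inRange) return "not-listed";
  const fixed = FIXED[kind][`${major}.${minor}`];
  // Pre-releases and release lines the brief does not list are not guessed at.
  if (pre !== undefined || fixed === undefined) return "review";
  return patch >= fixed ? "patched" : "vulnerable";
}

// Walks the "packages" map of a package-lock.json, including nested copies.
function audit(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    const kind = name === "next" ? "next" : RSC_PKGS.has(name) ? "rsc" : null;
    if (!kind || !meta.version) continue;
    findings.push({ path, version: meta.version, status: classify(kind, meta.version) });
  }
  return findings;
}

// Constructed sample lockfile fragment (hypothetical project).
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/next": { version: "15.4.7" },
  "node_modules/react-server-dom-webpack": { version: "19.1.2" },
  "node_modules/tool/node_modules/next": { version: "14.3.0-canary.80" },
  "node_modules/other/node_modules/react-server-dom-parcel": { version: "19.2.0" },
}};
console.log(audit(SAMPLE_LOCK).filter((f) => f.status !== "patched"));
```

    On a real project, pass the parsed package-lock.json (lockfileVersion 2 or 3, which carry the `packages` map) to `audit`.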

    For the latest updates on these vulnerabilities, please see the documentation provided by each respective vendor:

    Unit 42 Managed Threat Hunting Queries

    The Unit 42 Managed Threat Hunting team continues to track any attempts to exploit this CVE across our customers, using Cortex XDR and the XQL queries below. Cortex XDR customers can also use these XQL queries to search for signs of exploitation.

    The following hunting queries are not high-fidelity detections and should be investigated to determine whether the web server operates vulnerable React Server Components.



    Conclusion

    The critical distinction of these vulnerabilities is their nature as a deterministic logic flaw in the Flight protocol, rather than a probabilistic error. Unlike memory corruption bugs that may fail, this flaw guarantees execution, transforming it into a reliable system-wide bypass for attackers. Amplified by the massive footprint of Next.js in enterprise environments, this creates a direct conduit to sensitive internal data.

    Ultimately, this incident underscores the inherent friction between performance and security in modern architecture. While React Server Components optimize data fetching and search engine optimization (SEO) by moving logic closer to the source, they simultaneously move the attack surface closer to organizations’ most sensitive and valuable data.

    Palo Alto Networks customers are better protected by our products, as listed below. We will update this threat brief as more relevant information becomes available.

    Palo Alto Networks Product Protections for CVE-2025-55182 and CVE-2025-66478

    Palo Alto Networks customers can leverage a variety of product protections and updates to identify and defend against this threat.

    If you think you might have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team or call:

    • North America: Toll Free: +1 (866) 486-4842 (866.4.UNIT42)
    • UK: +44.20.3743.3660
    • Europe and Middle East: +31.20.299.3130
    • Asia: +65.6983.8730
    • Japan: +81.50.1790.0200
    • Australia: +61.2.4062.7950
    • India: 000 800 050 45107

    Cortex XDR and XSIAM

    Cortex XDR and XSIAM agents help protect against post-exploitation activities using the multi-layer protection approach.

  • Pakistan to keep Afghan border closed without terror assurances: FO

    ISLAMABAD (Dunya News) – Pakistan has once again reiterated its clear stance that the border will remain closed until the Afghan government provides firm assurances to prevent terrorist infiltration into…

  • AI & Artificial Intelligence | Stark Insider

    From our AI lab to daily workflows with Claude, ChatGPT, and Gemini—we don’t just write about AI, we work alongside it.

    Since 2024, Stark Insider has documented the human-AI collaboration frontier. Our team includes 6 AI assistants…
