The EtherRAT malware campaign initially exploited CVE-2025-55182 (React2Shell), a critical (CVSS 10.0) vulnerability in Facebook React versions 19.0.0 through 19.2.0 and Vercel Next.js versions 15.0.0 through 15.0.4. This campaign has evolved from targeting Linux servers to Windows systems and is now associated with The Gentleman ransomware.
The EtherRAT malware family was first reported by Sysdig in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) against Linux servers. In March 2026, Atos reported a Windows variant of the campaign, with their investigation showing evidence of activity dating back to the previous December. In April, we […]

The post Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware appeared first on The DFIR Report.