insecure deserialization — 2 Technical Articles

Mar 26, 2026 · Information Security

CVE-2025-55182: In-Depth Analysis of the React Server Components Deserialization Vulnerability

A critical unauthenticated RCE flaw (CVE-2025-55182) in React Server Components affecting versions before 19.2.1 enables attackers to execute arbitrary code via crafted POST requests, with public PoC available and immediate mitigation steps outlined.

CVE-2025-55182Next.jsRCE

0 likes · 7 min read

CVE-2025-55182: In-Depth Analysis of the React Server Components Deserialization Vulnerability

Black & White Path

Mar 25, 2026 · Information Security

How Interlock Ransomware Exploits Cisco FMC Zero‑Day CVE‑2026‑20131 for Root Access

Amazon's threat‑intel team revealed that the Interlock ransomware group has been leveraging Cisco Firepower Management Center's CVE‑2026‑20131 zero‑day—an insecure deserialization flaw that grants unauthenticated root access—since January 2026, exposing a detailed attack chain, toolset, attribution clues, impact assessment, and defensive recommendations.

CVE-2026-20131Cisco FMCInterlock ransomware

0 likes · 12 min read

How Interlock Ransomware Exploits Cisco FMC Zero‑Day CVE‑2026‑20131 for Root Access