A veteran games journalist claims Half-Life 3 is real and [1]still planned as a Spring 2026 launch title tied to Valve's next Steam Machine push. Ars Technica reports:

> On the contrary, veteran journalist Mike Straw insisted on a [2]recent Insider Gaming podcast that "everybody I've talked to are still adamant [Half-Life 3] is a game that will be a launch title with the Steam Machine."

>

> Straw -- who has [3]a long [4]history of [5]reporting gaming rumors [6]from anonymous sources -- said this Half-Life 3 information is "not [from] these run-of-the-mill sources that haven't gotten me information before. ... These aren't like random, one-off people." And those sources are "still adamant that the game is coming in the spring," Straw added, noting that he was "specifically told [that] spring 2026 [is the window] for the Steam Machine, for the Frame, for the Controller, [and] for Half-Life 3." [...]

>

> Timing specifics aside, Straw said his sources have him convinced that the long wait for Half-Life 3 is coming to an end in the near future. "The game's real," he said. "At the end of the day, the game is real. There's no denying it. It's just a 'when' and not an 'if' at this point."



[1] https://arstechnica.com/gaming/2025/12/journalist-insists-half-life-3-will-launch-with-steam-machine-in-spring-2026/

[2] https://www.youtube.com/live/x7GRLcaZtgA

[3] https://x.com/MikeStrawMedia/status/1514651538026815490

[4] https://x.com/mikestrawmedia/status/1869824116339159465?s=46

[5] https://insider-gaming.com/exclusive-new-the-lord-of-the-rings-game-in-development/

[6] https://mikestrawmedia.com/column/lets-talk-about-anonymous-sources/

An anonymous reader quotes a report from the New York Times:

> The last vehicle will roll off the assembly line at Volkswagen's plant in Dresden, Germany, on Tuesday, marking the [1]first time in the automaker's 88-year history that it has closed a plant in its home country . Volkswagen warned of potential production cuts last year, as it faced shaky demand in Europe and China, its biggest market, as well as higher tariffs that have crimped sales in the United States.

>

> After 24 years of vehicle production, the Dresden plant will be converted into a research hub focused on technologies like artificial intelligence, robotics and chip design. Volkswagen will team up with the government of the state of Saxony and the Dresden University of Technology on the project at the plant, known as the Transparent Factory because of its glass walls. "We did not take the decision to end vehicle production at the Transparent Factory after more than 20 years lightly," Thomas Schafer, chief executive of the Volkswagen brand, [2]said in a statement . "From an economic perspective, however, it was absolutely necessary."



[1] https://www.nytimes.com/2025/12/16/business/volkswagen-dresden-factory-closed.html

[2] https://www.volkswagen-newsroom.com/de/pressemitteilungen/zukunftskonzept-steht-innovationscampus-wird-teil-der-glaesernen-manufaktur-dresden-20022

Utah Gov. Spencer Cox signed two bills this year that ended solar development tax credits and imposed a new tax on solar generation despite solar power accounting for two-thirds of the new projects waiting to connect to the state's power grid. The legislation passed by the Republican-controlled Legislature has [1]already had an impact .

Since May, when the laws took effect, 51 planned solar projects withdrew their applications to connect to the grid. That represents more than a quarter of all projects in Utah's transmission connection queue. The moves came as Cox promoted Operation Gigawatt, an initiative to double the state's energy production in the next decade through what he called an "any of the above" approach.

A third bill aimed at limiting solar development on farmland narrowly missed the deadline for passage but is expected to return next year. Rocky Mountain Power earlier this year asked regulators to approve a 30% electricity rate hike. Regulators eventually awarded a 4.7% increase.



[1] https://arstechnica.com/science/2025/12/utah-leaders-hinder-efforts-to-develop-solar-energy-supply/

The new chief of Britain's Secret Intelligence Service told officers this week that they must [1]become as fluent in programming languages like Python as they are in foreign languages like Russian as the spy agency adapts to what she described as a space between peace and war. Blaise Metreweli, MI6's first female chief and previously the service's director general of technology and innovation, said in her first public speech that mastery of technology is now required across the organization.

She warned that advanced technologies including AI, biotechnology and quantum computing are revolutionizing both economies and the reality of conflict. Metreweli focused particularly on threats from Russia, saying the country is testing the UK in the grey zone through cyberattacks on critical infrastructure, drones near sensitive sites and propaganda operations.



[1] https://www.theregister.com/2025/12/16/mi6_chief_well_be_as/

The weight of AI server racks has reached a point where legacy data centers [1]cannot accommodate them even with significant retrofitting efforts, The Verge reports. Chris Brown, chief technical officer at Uptime Institute, said most retrofitting attempts would require "bulldozing the building and starting over from scratch."

AI racks are projected to reach 5,000 pounds compared to the 400 to 600 pounds that racks weighed three decades ago. The dramatic increase stems from hundreds to 1,000 GPUs packed densely into each rack alongside memory chips and liquid cooling systems that can add substantial weight. AI workloads now consume up to 350 kilowatts per rack, 35 times the 10 kilowatts that traditional computer chip workloads averaged a decade ago. Legacy data centers with raised floors typically max out at around 1,250 pounds per square foot for static loads.

Chris McLean, president of Critical Facility Group, said that rack heights have grown from 6 feet to 9 feet over nearly two decades, creating problems with doorframes and freight elevators in older buildings.



[1] https://www.theverge.com/ai-artificial-intelligence/844966/heavy-ai-data-center-buildout

U.S. officials excoriated the European Union for discriminating against American technology companies and [1]threatened to penalize European tech companies in return , in a social media post on Tuesday. From a report:

> The pronouncement appeared to signal a rockier period for U.S.-E.U. trade relations, as the two governments work to finalize a trade framework they announced this year. The United States has been pushing Europe to open up its tech sector to American firms. But U.S. officials have complained that the European Union has not walked back broader regulation of company business practices while also proceeding with investigations of major American tech firms like Google, X, Amazon and Meta.

>

> In a social media post, the Office of the United States Trade Representative, which has carried out the negotiations, said that the European Union and some member states had "persisted in a continuing course of discriminatory and harassing lawsuits, taxes, fines and directives" against American companies.

>

> The United States had raised concerns with the European Union about these issues for years "without meaningful engagement," all while allowing European companies to operate freely in the United States, it said. If the European Union continues these policies, the United States would "have no choice but to begin using every tool at its disposal to counter these unreasonable measures," the U.S.T.R. said. It named fees and restrictions on service companies among the possibilities, and said it would use the same approach against other countries that echoed Europe's strategy.

>

> The post singled out potential European service providers that could be targeted by name, listing Accenture, DHL, Mistral, SAP, Siemens and Spotify, among others.



[1] https://www.nytimes.com/2025/12/16/business/economy/us-eu-tech-penalties.html

[1]mprindle writes:

> The Texas Attorney General [2]sued five major television manufacturers , accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology.

>

> The lawsuits target Sony, Samsung, LG, and China-based companies Hisense and TCL Technology Group Corporation. Attorney General Ken Paxton's office also highlighted "serious concerns" about the two Chinese companies being required to follow China's National Security Law, which could give the Chinese government access to U.S. consumers' data.

>

> According to complaints filed this Monday in Texas state courts, the TV makers can allegedly use ACR technology to capture screenshots of television displays every 500 milliseconds, monitor the users' viewing activity in real time, and send this information back to the companies' servers without the users' knowledge or consent.



[1] https://slashdot.org/~mprindle

[2] https://www.bleepingcomputer.com/news/security/texas-sues-tv-makers-for-spying-on-users-selling-data-without-consent/

McKinsey, the consulting giant that has spent a century advising companies on how to cut costs and restructure operations, is now [1]turning that advice inward as it plans to eliminate thousands of jobs across its non-client-facing departments over the next 18 to 24 months.

The firm's leadership has discussed a roughly 10% headcount reduction in support functions, according to Bloomberg. McKinsey's revenue has hovered around $15 billion to $16 billion for the past five years after a decade of rapid expansion that saw employee count climb from 17,000 in 2012 to 45,000 by 2022. The headcount has since slid to about 40,000.

The cuts come as consulting firms face cost-conscious clients, Trump administration pressure on government consulting spending, and reduced payments from Saudi Arabia, which had been paying McKinsey at least $500 million annually in the decade up to 2024. McKinsey cut about 1,400 jobs in 2023 under a plan internally labeled Project Magnolia, and axed 200 global tech positions last month. The firm still plans to hire consultants even as it shrinks support staff.



[1] https://www.bloomberg.com/news/articles/2025-12-15/mckinsey-executives-plot-job-cuts-in-slowdown-for-consulting-industry

A millisecond used to be a big deal for the world's quickest traders. A dispute over huge trading profits at one of the world's largest futures exchanges [1]shows they now think a million times faster [ [2]non-paywalled source ] . From a report:

> The controversy is about an arcane technical maneuver in which high-speed traders bombard Frankfurt-based Eurex with useless data. The idea is to keep their connections to the exchange warm so they can react fractionally faster to market-moving information. The battle is the latest chapter in a decadeslong contest among secretive ultrafast trading firms, which have pursued a relentless quest for minuscule speed advantages.

>

> A group of high-frequency trading firms has exploited the practice to rake in hundreds of millions of dollars, says Mosaic Finance, a French firm that has complained to Eurex and European regulators. "An arms race is OK, but you must use legal weapons," said Hugues Morin, founder of Mosaic. Eurex says Mosaic's claims are baseless.

>

> [...] High-speed traders often seek to capture fleeting differences between prices of related assets, making quick response times critical. If benchmark Euro Stoxx 50 index futures rise, for example, contracts tied to Germany's DAX will usually follow. A first mover will be able to buy DAX futures before they tick higher, then sell out at a higher price -- a strategy that can add up to big profits over time. The maneuver that prompted Mosaic's spat with Eurex can improve reaction times by about 3.2 nanoseconds, according to the French firm, which calls it "corrupted speculative triggering," or CST for short.



[1] https://www.wsj.com/finance/high-speed-traders-are-feuding-over-a-way-to-save-3-2-billionths-of-a-second-dbad6fc3

[2] https://www.msn.com/en-us/money/other/high-speed-traders-are-feuding-over-a-way-to-save-3-2-billionths-of-a-second/ar-AA1SqnSs

The glasses-shaped face computers that tech companies have been building for years now face an identity crisis, and their makers [1]can't agree on what to call them . Meta has asked a journalist to refer to its Ray-Ban glasses as "AI glasses" to distinguish them from Google Glass. Google, whose Project Aura is a collaboration with Xreal, calls the product "wired XR glasses" because the company views it as more aligned with headsets in a glasses form factor.

Xreal's CEO Chi Xu laughed when asked about Aura's category and said the company will call all its products "AR glasses." Research firms aren't aligned either. Gartner defines smart glasses as camera- and display-free devices with Bluetooth and AI. Counterpoint Research said smart glasses without see-through displays drive volumes in the smart eyewear category. IDC uses a broader definition that includes anything glasses-shaped.



[1] https://www.theverge.com/gadgets/841536/smart-glasses-ai-glasses-xr-ar-headsets-terminology-wearables

The traditional signals that employers used to evaluate entry-level job candidates -- college GPAs, cover letters, and interview performance -- have [1]lost much of their value as grade inflation and widespread AI use render these metrics nearly meaningless, writes The Atlantic.

The recent-graduate unemployment rate now sits slightly higher than the overall workforce's, a reversal from historical norms where new college graduates were more likely to be employed than the average worker. Job postings on Handshake, a career-services platform for students and recent graduates, have fallen by more than 16 percent in the past year. At Harvard, [2]60% of undergraduate grades are now A's , up from fewer than a quarter two decades ago. Seven years ago, 70% of new graduates' resumes were screened by GPA; that figure has dropped to 40%.

Two working papers examining Freelancer.com found that cover-letter quality once strongly predicted who would get hired and how well they would perform -- until ChatGPT became available. "We basically find the collapse of this entire signaling mechanism," researcher Jesse Silbert said. The average number of applications per open job has increased by 26% in the past year. Students at UC Berkeley are now applying to 150 internships just to land one or two interviews.



[1] https://www.msn.com/en-us/careers/job-search/the-entry-level-hiring-process-is-breaking-down/ar-AA1SrPt5

[2] https://news.slashdot.org/story/25/10/28/1520235/harvard-says-its-been-giving-too-many-a-grades-to-students

Mozilla has named Anthony Enzor-DeMeo [1]as its new chief executive , promoting the executive who has spent the past year leading the Firefox browser team and who now plans to make AI central to the company's future.

Enzor-DeMeo announced on Tuesday that an "AI Mode" is coming to Firefox next year. The feature will let users choose from multiple AI models rather than being locked into a single provider. Some options will be open-source models, others will be private "Mozilla-hosted cloud options," and the company also plans to integrate models from major AI companies. Mozilla itself will not train its own large language model.

"We're not incentivized to push one model or the other," Enzor-DeMeo [2]told The Verge . Firefox currently has about 200 million monthly users, a fraction of Chrome's roughly 4 billion, though Enzor-DeMeo insists mobile usage is growing at a decent clip.

He takes over from interim CEO Laura Chambers, who led the company through a major antitrust case and what Mozilla describes as "double-digit mobile growth" in Firefox. Chambers is returning to the Mozilla board of directors. The new CEO has outlined three priorities: ensuring all products give users control over AI features including the ability to turn them off, building a business model around transparent monetization, and expanding Firefox into a broader ecosystem of trusted software. Mozilla VPN integration is planned for the browser next year.



[1] https://blog.mozilla.org/en/mozilla/leadership/mozillas-next-chapter-anthony-enzor-demeo-new-ceo/

[2] https://www.theverge.com/tech/845216/mozilla-ceo-anthony-enzor-demeo

Google's data partner HouseCanary has [1]begun displaying home listings directly in search results in select markets, sending Zillow's shares tumbling more than 8% yesterday as investors weighed whether the search giant might eventually cut into the portal business that Zillow dominates.

The experiment places property details, prices, images and a "Request a tour" button at the top of mobile search results. HouseCanary, a full-service brokerage licensed in all 50 states and Washington D.C., said it contacted every MLS in the test regions before launching.

Analysts are largely downplaying immediate concerns. Goldman Sachs noted that most of Zillow's traffic comes directly through its apps and websites rather than Google searches, though the firm views the development as a long-term risk. Piper Sandler called the fears "overblown," and Wells Fargo suggested portals like Zillow would likely end up bidding for ad units on Google rather than losing traffic outright.



[1] https://www.geekwire.com/2025/googles-real-estate-listings-experiment-sends-zillow-shares-down-more-than-8/

An anonymous reader quotes a report from BleepingComputer:

> Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were [1]caused by a security breach in which threat actors stole a database containing user information . The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 "forbidden" errors.

>

> In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures. SoundCloud acknowledged that a threat actor accessed some of its data but said the exposure was limited in scope. [...] BleepingComputer has learned that the breach affects 20% of SoundCloud's users, which, based on publicly reported user figures, could impact roughly 28 million accounts. The company said it is confident that all unauthorized access to SoundCloud systems has been blocked and that there is no ongoing risk to the platform.

"We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud told BleepingComputer. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."



[1] https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/

PayPal has [1]applied to become a US bank by forming a Utah-chartered industrial loan company, signaling a push to deepen its financial services "as companies rush to capitalize on a friendly regulatory environment under the Trump administration," reports Reuters. From the report:

> If approved, the move will help PayPal to strengthen its lending offerings to small businesses in the U.S. as well as reduce its reliance on third parties. "Securing capital remains a significant hurdle for small businesses striving to grow and scale," said PayPal CEO Alex Chriss. "Establishing PayPal Bank will strengthen our business and improve our efficiency, enabling us to better support small business growth and economic opportunities across the U.S."

>

> PayPal also plans to offer interest-bearing savings accounts to customers. The company has provided over $30 billion in loans and capital since 2013, it said. [...] PayPal has selected Mara McNeill to serve as PayPal Bank's president. She comes with over two decades of experience in banking and commercial lending, and has previously served as the CEO of Toyota Financial Savings Bank.



[1] https://www.bloomberg.com/news/articles/2025-12-15/paypal-applies-to-become-a-bank-as-us-loosens-regulatory-reins

A new study warns that glaciers in the European Alps will [1]hit their peak extinction rate within eight years , with global glacier loss accelerating toward thousands per year unless emissions are rapidly cut. "Glaciers in the western US and Canada are forecast to reach their peak year of loss less than a decade later, with more than 800 disappearing each year by then," adds the Guardian. From the report:

> About 200,000 glaciers remain worldwide, with about 750 disappearing each year. However, the research indicates this pace will accelerate rapidly as emissions from burning fossil fuels continue to be released into the atmosphere. Current climate action plans from governments are forecast to push global temperatures to about 2.7C above preindustrial levels, supercharging extreme weather. Under this scenario, glacier losses would peak at about 3,000 a year in 2040 and plateau at that rate until 2060. By the end of the century, 80% of today's glaciers will have gone. By contrast, rapid cuts to carbon emissions to keep global temperature rise to 1.5C would cap annual losses at about 2,000 a year in 2040, after which the rate would decline. [...]

>

> The new study, [2]published in Nature Climate Change , analyzed more than 200,000 glaciers from a database of outlines derived from satellite images. The researchers used three global glacier models to assess their fate under different heating scenarios. Regions with the smallest and fastest-melting glaciers were found to be the most vulnerable. The study estimates the 3,200 glaciers in central Europe would shrink by 87% by 2100 -- even if global temperature rise is limited to 1.5C, rising to 97% under 2.7C of heating.

>

> In the western US and Canada, including Alaska, about 70% of today's 45,000 glaciers are projected to vanish under 1.5C of heating, and more than 90% under 2.7C. The Caucasus and southern Andes are also expected to face devastating losses. Larger glaciers take longer to melt, with those in Greenland reaching their peak extinction rate in about 2063 -- losing 40% by 2100 under 1.5C of heating and 59% under 2.7C. However, the melting is forecast to continue beyond 2100. The researchers said the peak loss dates represent more than a numerical milestone. "They mark turning points with profound implications for ecosystems, water resources and cultural heritage," they wrote. "[It is] a human story of vanishing landscapes, fading traditions and disrupted daily routines."



[1] https://www.theguardian.com/environment/2025/dec/15/alpine-glaciers-rate-extinction-climate-crisis

[2] https://www.nature.com/articles/s41558-025-02513-9

An anonymous reader quotes a report from Ars Technica:

> Microsoft is [1]killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...]

>

> Last week, Microsoft [2]said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions.

>

> To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy.

"The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, [3]wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."



[1] https://arstechnica.com/security/2025/12/microsoft-will-finally-kill-obsolete-cipher-that-has-wreaked-decades-of-havoc/

[2] https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication

[3] https://bsky.app/profile/syfuhs.net/post/3m7npxlaiy22r

Once [1]a star of the self-driving hype cycle, lidar maker Luminar has [2]filed for bankruptcy amid legal turmoil, layoffs, and a cooling autonomous-vehicle market. It plans to sell off its assets before shutting down entirely. The Verge reports:

> As part of its bankruptcy, Luminar is seeking permission to sell both its lidar and semiconductor businesses, the latter of which it has already agreed to sell to Quantum Computing for $110 million. The company plans to continue to operate during the bankruptcy proceedings "to minimize disruptions and maintain delivery of its LiDAR hardware and software." That said, Luminar will cease to exist once the process is complete. "As we navigate this process, our top priority is to continue delivering the same quality, reliability and service our customers have come to expect from us," CEO Paul Ricci said in a statement.

>

> After launching in 2017, Luminar muscled its way to the front of the autonomous vehicle industry as a top maker of lidar systems, a key technology that driverless cars use to sense the shapes and distances of objects around them. Luminar has sold sensors to Mercedes-Benz, Volvo, Audi, Toyota Research Institute, Caterpillar, and even Tesla, which has dismissed lidar sensors in favor of traditional cameras. The company was valued at nearly $3 billion when it went public through a reverse merger with a SPAC in 2020.



[1] https://tech.slashdot.org/story/20/05/06/2118224/volvo-will-sell-lidar-equipped-self-driving-cars-to-customers-by-2022

[2] https://www.theverge.com/news/844755/luminar-lidar-chapter-11-bankruptcy

After [1]introducing an AI Mode shortcut earlier this year, Google has now [2]added a new "plus" menu to its Search homepage , highlighting options for image and file uploads. 9to5Google reports:

> On google.com, the Search bar now has a plus icon at the far left that replaces the magnifying glass. Clicking lets you "Upload image" or "Upload file." It very much matches the AI Mode experience. Those two capabilities aren't new, but this plus menu does help emphasize that you can use Google to accomplish tasks, and not just find information. Additionally, it helps indicate that they can be used with AI Mode and AI Overviews. This is just available on desktop web (not mobile) and is live on all the devices we checked today, including across signed-out Incognito sessions.



[1] https://tech.slashdot.org/story/25/03/05/1944216/google-is-adding-more-ai-overviews-and-a-new-ai-mode-to-search

[2] https://9to5google.com/2025/12/15/google-search-plus-menu/

A critical React vulnerability ( [1]CVE-2025-55182 ) is [2]being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports:

> React maintainers [3]disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw.

>

> Google, in a late Friday report, [4]said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.



[1] https://www.cve.org/CVERecord?id=CVE-2025-55182

[2] https://www.theregister.com/2025/12/15/react2shell_flaw_china_iran/

[3] https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

[4] https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182/