Week 50 Tech Roundup – React2Shell Exploits, Crucial Brand Discontinued, NAND Shortage, Kioxia PCIe 5.0, Seagate 7TB HAMR, Proxmox 4.1

React2Shell Vulnerability Threatens Nearly 150,000 Servers Worldwide

A critical security flaw in React Server Components, designated CVE-2025-55182 and dubbed React2Shell, has emerged as one of the most severe vulnerabilities of late 2024. The Shadowserver Foundation’s latest scans reveal approximately 148,740 internet-exposed servers remain vulnerable to this unauthenticated remote code execution exploit, with nearly 94,000 located in the United States alone. Germany ranks second with 12,850 vulnerable instances, followed by France, India, and China. The vulnerability affects all frameworks implementing React Server Components, including Next.js, and stems from unsafe deserialization of client-controlled data. Security researchers have confirmed that over 30 organizations across multiple sectors have already been compromised, with attacks linked to Chinese state-sponsored threat actors including Earth Lamia, Jackpot Panda, and UNC5174. Attackers are deploying Cobalt Strike beacons, Snowlight malware droppers, and Vshell backdoors to maintain persistent access. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by December 26, 2025. Organizations running React-based applications should immediately update to the latest version, rebuild applications, and redeploy to eliminate this critical risk.

Source: React.dev (official), BleepingComputer

Kioxia Launches EXCERIA PRO G2 PCIe 5.0 Flagship SSD

Kioxia has unveiled the EXCERIA PRO G2 SSD, positioning it as the new performance flagship in its consumer storage lineup. Built on the M.2 2280 form factor and leveraging BiCS FLASH TLC 3D memory technology, the drive delivers exceptional PCIe 5.0 performance with sequential read speeds reaching 14,900 MB/s and write speeds up to 13,700 MB/s. Available in capacities up to 4TB, the EXCERIA PRO G2 targets enthusiasts, gamers, and content creators who demand maximum throughput for 8K video editing, rapid game loading, and intensive creative workflows. The drive sits atop Kioxia’s Personal SSD hierarchy, complementing the value-oriented EXCERIA BASIC (PCIe 4.0), balanced EXCERIA G3 (PCIe 5.0), and mainstream EXCERIA PLUS G4 (PCIe 5.0) series. Kioxia emphasizes the drive’s ability to sustain high speeds under continuous heavy workloads, making it suitable for high-end PCs, next-generation gaming consoles, and professional content creation systems. The EXCERIA PRO G2 is scheduled for availability in Q4 2025.

Source: Kioxia Europe (official)

Hyper Introduces HyperDrive Next USB4 V2 M.2 PCIe Enclosure

Hyper has announced the HyperDrive Next USB4 V2 M.2 PCIe Enclosure, a CES Innovation Awards 2026 Honoree designed for professionals requiring workstation-level external storage performance. The enclosure delivers 80 Gbps USB4 V2 connectivity with full PCIe Gen 4 x4 NVMe support, enabling true PCIe Gen 4 and Gen 3 performance for demanding workflows including 4K/8K video editing, AI model inference, and high-volume data transfers. Beyond storage, the modular design supports PCIe M.2 components such as AI accelerators, allowing users to augment system capabilities without internal hardware upgrades. The precision-machined aluminum body provides passive thermal management, while an included silicone sleeve offers IP55-rated dust and water protection for field deployments. Tool-free snap-in installation enables rapid SSD or module swapping, and optional external USB-C power delivery supports up to 25W total power for high-performance NVMe drives. Priced at $199.99, the HyperDrive Next USB4 V2 enclosure is available immediately across the United States, Europe, and other global markets, targeting creators, engineers, and mobile professionals.

Source: Hyper (official)

Biwin Unveils SIM Card-Sized 2TB NVMe SSD

Biwin has introduced the CL100, an ultra-compact 2TB NVMe SSD measuring just 15mm by 17mm—roughly the size of a phone SIM card. Despite its diminutive form factor, the drive delivers full NVMe 1.4 functionality with PCIe 4.0 two-lane interface support, achieving read speeds up to 3.7 GB/s and write speeds reaching 3.5 GB/s. Random performance metrics include 550K read IOPS and 650K write IOPS, comparable to full-sized M.2 drives with similar PCIe configurations. The CL100 fits into a slide-in tray resembling a phone SIM slot and has been demonstrated in handheld gaming PCs including the GPD Win 5 and OneXPlayer Super X. However, the drive uses a proprietary standard rather than an open format, limiting compatibility to devices specifically designed with Biwin’s card tray. Available in 512GB, 1TB, and 2TB capacities at approximately $85, $155, and $310 respectively, the CL100 is currently only available in China. Biwin also offers an external USB 4 card reader for broader compatibility. The timing coincides with industry-wide NAND shortages and price increases, making the drive’s arrival particularly notable for embedded, industrial, and handheld PC applications.

Source: PC Gamer

Notepad++ Updater Vulnerability Exploited in Targeted Attacks

The developer of Notepad++ has issued an urgent security warning regarding a dangerous vulnerability in the WinGUp updater component. Attackers are actively exploiting the flaw through man-in-the-middle attacks, intercepting update traffic to inject malicious binaries disguised as legitimate Notepad++ updates. The vulnerability stems from improper signature and certificate verification in older versions, allowing automatic download and execution of malware on vulnerable systems. Security researcher Kevin Beaumont reports the flaw has been exploited in highly targeted attacks against several organizations. Partial fixes were implemented in version 8.8.8 (released November 18), with comprehensive improvements arriving in version 8.8.9 (December 9). The updated version now reliably validates signatures and certificates, aborting updates when verification fails. Due to the nature of the vulnerability, users are strongly advised to manually download and install the latest version directly from the official Notepad++ website rather than relying on the automatic updater. The developer continues investigating the attackers’ methods while providing guidance for administrators to detect compromised systems.

Source: Notepad++ (official)

Micron Discontinues Crucial Consumer Brand After 29 Years

In a surprising strategic shift, Micron has announced the complete discontinuation of its Crucial consumer brand after nearly three decades of operation. The decision reflects Micron’s pivot toward higher-growth data center segments driven by AI-fueled demand for enterprise storage solutions. Chief Business Officer Sumit Sadana explained that AI-driven data center growth has created unprecedented demand, prompting the difficult decision to divest the consumer business to better support larger strategic customers. The withdrawal affects all consumer channels including direct sales, retail, online shops, and distributors. Crucial products will remain available through retail channels only until February 2026, after which the brand will cease consumer operations entirely. Micron will continue supplying OEMs with SSDs and memory modules for notebooks, but the end-user Crucial brand faces termination. The announcement caught many industry observers off guard, as Crucial had maintained a strong reputation for reliable, affordable storage and memory products. The move likely impacts numerous Crucial employees, though Micron indicated it would attempt to fill vacant positions within the broader organization. The decision underscores the industry’s dramatic shift toward enterprise and data center markets at the expense of traditional consumer segments.

Source: Micron Technology (official)

NAND Flash Shortage Drives Dramatic SSD Price Increases

Memory provider Transcend has issued a stark warning to business customers regarding an increasingly severe NAND flash shortage that threatens to drive substantial price increases and extended delivery times. In a December 2 letter, Transcend revealed that NAND suppliers Samsung and SanDisk have repeatedly postponed outstanding chip deliveries, with no new shipments received since October. The shortage stems from overwhelming data center demand, with all leading NAND manufacturers prioritizing enterprise customers over consumer and commercial markets. Transcend reports that costs have surged 50 to 100 percent in a single week, with the upward trend continuing at an unusually rapid pace. The company predicts the situation will persist for at least three to five months. Team Group corroborates these findings, noting that DRAM and NAND flash prices have nearly doubled within a month, with expectations that shortages will worsen through the first half of 2026 as remaining inventory depletes. The crisis has already impacted German and global consumer markets, with RAM prices nearly doubling between mid-September and mid-November. Both HDDs and SSDs have experienced significant price increases, signaling a challenging period ahead for storage procurement across all market segments.

Source: ComputerBase

Proxmox Backup Server 4.1 Expands Administrative Control

Proxmox has released Proxmox Backup Server 4.1, built on Debian 13.2 Trixie with Linux kernel 6.17 and ZFS 2.3. The update introduces significant enhancements to bandwidth management, verification workflows, and S3 object storage integration. A key addition is user-based traffic limiting, expanding beyond previous network-based controls to enable bandwidth allocation aligned with service or departmental priorities. Administrators can now set higher limits for critical systems while restricting test environments or lower-priority clients without network-level configuration changes. Verification jobs now support configurable parallelism, allowing administrators to tune thread allocation for checksum validation and data integrity checks. This enables teams to match verification behavior to available hardware resources, yielding shorter runtimes or balanced resource utilization during busy periods. The release also adds bandwidth rate limiting for S3 operations, preventing backup activity from overwhelming shared network links between Proxmox Backup Server and S3-compatible storage backends. The software remains published under the GNU AGPLv3 license, with enterprise subscriptions starting at EUR 540 per server annually, including unlimited clients, storage, enterprise repository access, and certified support. Existing installations can upgrade via standard APT package tools.

Source: Proxmox (official), StorageReview

GreyNoise Launches Free Botnet Detection Tool

Security firm GreyNoise has released a free tool enabling users to quickly determine whether their internet connection is being misused for botnet activities, DDoS attacks, or other cybercrime operations. The GreyNoise IP Check tool analyzes whether a user’s IP address has recently been associated with botnet infrastructure, including compromised routers, IoT devices, smart TVs, or infected laptops. Users accessing the web portal receive immediate test results. A green “Your IP is clean” message indicates the IP address has not been linked to cybercriminal infrastructure, though it doesn’t completely eliminate the possibility of infection. “Malicious” or “Suspicious” results indicate detected anomalies requiring urgent investigation. The tool addresses growing concerns about unwitting participation in large-scale attacks through malware-infected devices. GreyNoise researchers note that countless routers are integrated into botnets without user awareness, making detection tools increasingly valuable for both individual users and network administrators seeking to identify compromised infrastructure.

Source: GreyNoise (official)

Jellyfin 10.11.4 Delivers Stability Improvements

The Jellyfin project has released version 10.11.4, a minor update bringing ten bugfixes to improve overall system stability and reliability. Key fixes include resolving ResolveLinkTarget crashes on exFAT drives, caching OpenAPI document generation for improved performance, adding hidden file checks in BdInfoDirectoryInfo, and correcting isMovie filter logic. The update also addresses locked fields not saving properly, prevents foreign key errors by saving items to the database before provider execution, and stops HDR stream copying when only SDR is supported. Additional fixes resolve NullReferenceException errors in filesystem path comparisons and restrict first video frame probing to file protocol only. As with all Jellyfin releases, users are strongly advised to perform full backups before upgrading. The open-source media server continues its steady development trajectory with regular stability and compatibility improvements.

Source: Jellyfin GitHub (official)

Samsung Researches 5-Bit NAND with 96% Energy Savings

Researchers at Samsung’s semiconductor division are developing revolutionary NAND flash memory using ferroelectric field-effect transistors (FeFETs) that could reduce power consumption by up to 96 percent while supporting up to 5 bits per cell. Published in Nature under the title “Ferroelectric Transistors for Low-Power NAND Flash Memory,” the research addresses the high-voltage requirements of conventional NAND flash architecture. Traditional NAND’s series-connected cells require substantial pass voltage, consuming significant energy and complicating multi-level cell storage. Samsung’s FeFET approach uses a gate stack consisting of zirconium-doped hafnium dioxide and an oxide semiconductor channel, exhibiting virtually no forward voltage while maintaining multi-level functionality. The technology could enable Penta-Level Cell (PLC) NAND with 5 bits per cell, a milestone NAND manufacturers have pursued for years. While Solidigm demonstrated 5-bit SSD technology three years ago, PLC-NAND has not achieved commercial viability due to durability concerns. Samsung’s FeFET approach may provide the foundation for practical PLC deployment, with researchers stating their work “paves the way for next-generation storage media with improved capacity, energy efficiency, and reliability.”

Source: Nature (research publication), ComputerBase

Seagate Achieves 7TB Per Platter in HAMR Laboratory Tests

Seagate has revealed significant progress in Heat-Assisted Magnetic Recording (HAMR) technology, achieving approximately 7TB per platter in laboratory tests—more than double current commercial densities. The company currently offers 30TB drives with conventional magnetic recording (CMR) and 32TB with shingled magnetic recording (SMR), equating to 3TB and 3.2TB per platter respectively across 10-platter designs. The 7TB per platter milestone, achieved using HAMR combined with SMR, enables a theoretical 70TB capacity in standard 10-platter configurations. However, commercial deployment remains years away. Seagate’s immediate focus is the Mozaic 4+ generation, offering 4TB per platter for 40TB total capacity, currently undergoing customer testing with mass production planned for the first half of 2026. The company’s roadmap projects HAMR and SMR technology will eventually reach 10TB per platter, enabling 100TB drives, though laboratory achievement isn’t expected until 2028 with mass production potentially delayed until 2032. Mozaic 4+ integrates the laser unit directly into the wafer, reducing manufacturing costs compared to Mozaic 3+’s externally manufactured and mounted mini-lasers. Further density increases beyond 10TB per platter will require new magnetic disk materials to accommodate even denser magnetic grain arrangements.

Source: Seagate (official), ComputerBase

Additional Industry Updates

Samsung T7 Resurrected: Samsung has launched the T7 Resurrected external SSD, featuring a casing made entirely from recycled aluminum waste generated during Galaxy smartphone production. The drive maintains identical specifications to the original T7, including USB 3.2 Gen 2 interface, up to 1,050 MB/s read and 1,000 MB/s write speeds, and AES 256-bit encryption. Available in 1TB ($120), 2TB ($206), and 4TB ($379) capacities, the silver-colored drive emphasizes sustainability through undyed aluminum and recycled paper packaging.

Source: Samsung (official)

DataLocker FIPS 140-3 Achievement: DataLocker has become the world’s first vendor to achieve FIPS 140-3 Level 3 validation across both portable hard drive and USB flash drive categories while maintaining full TAA compliance. The DL4 portable hard drive and Sentry K350 flash drive feature smartscreen technology providing visual password confirmation, replacing traditional blind PIN-pad interfaces. Both products support complex alphanumeric passwords and offer centralized SafeConsole management.

Source: DataLocker (official)

UniFi 5G Max Launch: Ubiquiti has introduced the UniFi 5G Max lineup, including an indoor model (shipping now), outdoor variant (January 2026), and Dream Router 5G Max (February 2026). The devices deliver up to 3.4 Gbps 5G connectivity with automatic PoE adoption as WAN interfaces, dual SIM support, and full carrier unlocking. The Dream Router 5G Max integrates WiFi 7, local storage, and complete UniFi OS application support.

Source: Ubiquiti (official)

Synology Taiwan Restructuring: Synology has announced organizational changes in its Taiwan division, with former Taiwan Business Director Chih-Peng Kao leading sales and marketing efforts. The restructuring aims to capitalize on growing demands for data management, cybersecurity, and AI applications in enterprise, government, and education sectors.

Source: Synology (official)

Kingston Data Center Focus: Kingston Technology has emphasized the importance of PCIe Gen 5 storage and DDR5 memory for modern data centers, highlighting the transition from DDR4 to DDR5 for AI, machine learning, and big data analytics workloads. The company notes that global data volume is expected to exceed 394 zettabytes by 2028, necessitating highly efficient, low-latency storage solutions.

Source: Kingston Technology (official)

 

 

