- Critical React2Shell flaw now being exploited in the wild by China-linked groups
- AWS reports global targeting of finance, logistics, retail, IT, universities and governments for persistence and espionage
- Attackers also exploit the NUUO Camera bug; urgent patching is advised
Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC), which was discovered late last week. To make matters worse, the crooks who have observed exploits of the flaw appear to be working for the Chinese government.
Late last week, the React team published a security advisory detailing a pre-authentication bug in multiple versions of multiple packages that affects RCS. The affected versions include 19.0, 19.1.0, 19.1.1, and 19.2.0, react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug, now dubbed ‘React2Shell’, is tracked as CVE-2025-55182 and given a severity score of 10/10 (Critical).
Given that React is one of the most popular JavaScript libraries out there and powers much of today’s Internet, researchers warned that exploitation was imminent and urged everyone to apply the patch without delay and update their systems to version 19.0.1, 19.1.2 and 19.2.1.
how to defend
Now, Amazon Web Services (AWS) is reporting that two China-affiliated groups, Earth Lamia and Jackpot Panda, have been seen using the flaw to target organizations in different verticals:
“Our analysis of exploit attempts in AWS MadPot honeypot infrastructure has identified exploit activity from IP addresses and infrastructure historically associated with known Chinese state threat actors,” said CJ Moses, CISO at Amazon Integrated Security, in a report shared with Hacker News previous.
Targets are located all over the world, from Latin America to the Middle East and Southeast Asia. Financial services companies, logistics, retail, IT companies, universities and government organizations are all being attacked – with the aim of the attacks being to establish persistence and cyber espionage.
In addition to React2Shell, these two groups are also exploiting additional flaws in their attacks, including one in the NUUO camera (CVE-2025-1338).
React powers nearly two out of five of all cloud environments. Facebook, Instagram, Netflix, Airbnb, Shopify and other giants of today’s web all rely on React – as well as millions of other developers.
Via Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
