- A critical React2Shell flaw now wildly exploited by groups linked to China
- AWS reports global targeting of finance, logistics, retail, IT, academia, and government for persistence and espionage.
- Attackers also abuse the NUUO camera bug; urgent fix is advised
As experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC), discovered late last week. Worse yet, the scammers observed abusing the bug appear to be working for the Chinese government.
Late last week, the React team released a security advisory detailing a pre-authentication bug in multiple versions of multiple packages, affecting RCS. Affected versions include 19.0, 19.1.0, 19.1.1, and 19.2.0, react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug, now named “React2Shell,” is tracked as CVE-2025-55182 and receives a severity score of 10/10 (critical).
Since React is one of the most popular JavaScript libraries and powers much of today’s Internet, researchers warned that its exploitation was imminent, urging everyone to apply the patch without delay and update their systems to versions 19.0.1, 19.1.2, and 19.2.1.
How to defend
Today, Amazon Web Services (AWS) reports that two China-linked groups, Earth Lamia and Jackpot Panda, have been seen using the bug to target organizations in different industries:
“Our analysis of exploitation attempts in the AWS MadPot honeypot infrastructure identified exploitation activity from IP addresses and infrastructure historically linked to known Chinese state threat actors,” said CJ Moses, CISO of Amazon Integrated Security, in a report shared with Hacker news earlier.
Targets are located all over the world, from Latin America to the Middle East and Southeast Asia. Financial services, logistics, retail, IT companies, universities and government organizations are all under attack, with the aim of the attacks being to establish persistence and cyberespionage.
In addition to React2Shell, these two groups also exploit additional bugs in their attacks, including one in the NUUO camera (CVE-2025-1338).
React powers nearly two out of five cloud environments. Facebook, Instagram, Netflix, Airbnb, Shopify, and other web giants of today all rely on React, along with millions of other developers.
Via Hacker news
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
