- Critical React2Shell flaw now exploited in the wild by China-linked groups
- AWS reports global targeting of finance, logistics, retail, IT, universities, and governments for persistence and espionage
- Attackers also abuse NUUO Camera bug; urgent patching is advised
Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the crooks observed abusing the bug seem to be working for the Chinese government.
Late last week, the React team published a security advisory detailing a pre-authentication bug in multiple versions of multiple packs, affecting RCS. The versions that are affected include 19.0, 19.1.0, 19.1.1, and 19.2.0, react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug, now dubbed 'React2Shell', is tracked as CVE-2025-55182, and is given a severity score of 10/10 (critical).
Given that React is one of the most popular JavaScript libraries out there and powers much of today’s internet, researchers warned that exploitation was imminent, urging everyone to apply the fix without delay and update their systems to versions 19.0.1, 19.1.2, and 19.2.1.
How to defend
Now, Amazon Web Services (AWS) reports that two China-linked groups, Earth Lamia and Jackpot Panda, have been seen using the bug to target organizations in different verticals:
"Our analysis of exploitation attempts in AWS MadPot honeypot infrastructure has identified exploitation activity from IP addresses and infrastructure historically linked to known China state-nexus threat actors," CJ Moses, CISO of Amazon Integrated Security, said in a report shared with The Hacker News earlier.
Targets are located all over the world, from Latin America to the Middle East and Southeast Asia. Financial services firms, logistics, retail, IT companies, universities, and government organizations are all being attacked - with the goal of the attacks being establishing persistence and cyber-espionage.
Besides React2Shell, these two groups are also leveraging additional bugs in their attacks, including one in the NUUO Camera (CVE-2025-1338).
React powers almost two in five of all cloud environments. Facebook, Instagram, Netflix, Airbnb, Shopify, and other giants of today’s web, all rely on React - as well as millions of other developers.
Via The Hacker News
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.