- Critical React2Shell Bug Now Exploited in the Wild by China-Linked Groups
- AWS reports global attacks against finance, logistics, retail, IT, universities and governments for persistence and espionage
- Attackers also abuse the NUUO camera bug; urgent patching is recommended.
Just as experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the criminals seen abusing the bug appear to be working for the Chinese government.
Late last week, the React team published a security advisory detailing a pre-authentication bug in multiple versions of multiple packages, affecting RSC. Affected versions include 19.0, 19.1.0, 19.1.1, and 19.2.0 of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug, now named ‘React2Shell’, is tracked as CVE-2025-55182 and is assigned a severity score of 10/10 (critical).
Since React is one of the most popular JavaScript libraries in existence and powers much of the Internet today, researchers warned that exploitation was imminent, urging everyone to apply the fix without delay and update their systems to versions 19.0.1, 19.1.2, and 19.2.1.
Now, Amazon Web Services (AWS) reports that two China-linked groups, Earth Lamia and Jackpot Panda, have been seen using the bug to target organizations in different verticals:
“Our analysis of exploitation attempts on AWS MadPot honeypot infrastructure has identified exploitation activity of IP addresses and infrastructure historically linked to known China state nexus threat actors,” said CJ Moses, CISO of Amazon Integrated Security, in a report shared with Hacker News earlier.
Targets are located around the world, from Latin America to the Middle East and Southeast Asia. Organizations in financial services, logistics, retail and IT, along with universities and government organizations, are being attacked, with the aim of establishing persistence and conducting cyber espionage.
In addition to React2Shell, these two groups are also exploiting additional bugs in their attacks, including one in the NUUO camera (CVE-2025-1338).
React powers nearly two in five of all cloud environments. Facebook, Instagram, Netflix, Airbnb, Shopify, and other giants of today’s web rely on React, as well as millions of other developers.
Via Hacker News




