Two hacking groups linked to China quickly exploited a critical React Server Components vulnerability, CVE-2025-55182, after its public disclosure. The exploitation activity was observed targeting various sectors across multiple regions, pointing to a broad and systematic attack effort. #React2Shell #ChinaLinkedThreatActors
Key points
- Two China-associated hacking groups, Earth Lamia and Jackpot Panda, rushed to exploit the React2Shell vulnerability.
- The vulnerability allows unauthenticated remote code execution and has been patched in recent React versions.
- Threat actors have targeted sectors including finance, logistics, retail, universities, and government across Latin America, the Middle East, and Southeast Asia.
- Exploitation involves scanning, executing commands, and reading sensitive files, indicating systematic and broad campaign strategies.
- Recent activity also includes exploitation of other vulnerabilities and supply chain attacks, demonstrating complex attack patterns.
Read More: https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html