Google's threat intelligence team links five additional Chinese hacking groups to attacks exploiting the critical React2Shell vulnerability (CVE-2025-55182). These exploits have resulted in breaches of numerous organizations globally, with threat actors stealing sensitive data and deploying malware. #React2Shell #CVE-2025-55182 #ChineseHackingGroups #NextjsVulnerability #AWSThreats
Keypoints
- The React2Shell vulnerability allows for remote code execution in React and Next.js applications.
- Multiple Chinese hacking groups, including UNC6600 and UNC6588, are actively exploiting this flaw.
- Over 116,000 IP addresses worldwide are vulnerable, with many in the United States.
- Threat actors are using the vulnerability to steal AWS credentials, configure files, and deploy backdoors.
- Organizations should urgently patch affected React versions and improve their security defenses.