AWS: Beijing-linked hackers hammering max-severity React bug
"Amazon has warned that China-nexus hacking crews began hammering the critical React 'React2Shell' vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately. In a new advisory, AWS said its threat intelligence teams 'observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda.' Those attempts were captured through MadPot, Amazon's honeypot network, which logged scanning and exploit traffic tied to infrastructure previously linked to Beijing-aligned operators."
"'China continues to be the most prolific source of state-sponsored cyber threat activity, with threat actors routinely operationalizing public exploits within hours or days of disclosure,' wrote CJ Moses, CISO and VP of Security Engineering at Amazon. 'Through monitoring in our AWS MadPot honeypot infrastructure, Amazon threat intelligence teams have identified both known groups and previously untracked threat clusters attempting to exploit CVE-2025-55182.'"
AWS observed rapid exploitation attempts against a critical React vulnerability (React2Shell, CVE-2025-55182) within hours of public disclosure. Multiple China state-nexus groups, including Earth Lamia and Jackpot Panda, launched scanning and exploit traffic that was captured by Amazon's MadPot honeypots. The attackers sent specially crafted HTTP requests, based on public proof-of-concept exploits, that abuse unsafe deserialization in React Server Components and in dependent frameworks such as Next.js, enabling unauthenticated remote code execution. Security firm Wiz estimated that roughly 39% of cloud environments still ran vulnerable versions, amplifying the potential impact. The discovery underscores how quickly state-aligned actors operationalize public exploits and how broadly the modern web is exposed.
Read at Theregister