React2Shell vuln exploited by China, Iran, Google warns
7 Articles
Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers. The post Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw appeared first on Security Boulevard.
Google Finds Server Takeovers Linked to React2Shell Exploitation
Google is warning that multiple threat actor groups are actively exploiting a critical vulnerability in React Server Components, allowing attackers to take full control of vulnerable servers without authentication. The flaw, known as React2Shell, has quickly become a high-value target following its public disclosure, with attackers ranging from nation-state espionage groups to financially motivated cybercriminals. The “… number of legitimate ex…
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a
China, Iran Are Having a Field Day With React2Shell, Google Warns
A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started ba…
ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices
Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55182 and known as React2Shell, represents a remote code execution flaw attracting widespread exploitation. While initial attacks primarily deployed cryptocurrency miners, security researchers uncovered more sophisticated threats targeting network inf…
Coverage Details
Bias Distribution
- 100% of the sources are Center




