Surge in attacks targeting newly disclosed React flaw.

Threat actors began exploiting the React2Shell vulnerability almost immediately after patches were released on December 3, targeting systems running React 19 with Server Components enabled. Security scans show tens of thousands of potentially exposed instances worldwide, though researchers note the flaw affects a relatively new and narrow configuration. Cloud providers and security firms report active campaigns involving credential theft, malware deployment, and attempts to compromise AWS environments, with several China‑linked groups among the actors exploiting the bug. CISA has confirmed in‑the‑wild attacks and ordered federal agencies to remediate the issue by December 26.

Read more:

https://www.securityweek.com/exploitation-of-react2shell-surges/