China Hack Report: Daily US Tech Defense

Earth Lamia & Jackpot Panda Unleashed: React2Shell Rampage Rocks US Tech

08 Dec 2025

Description

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense, so let’s jack straight into the console.

In the last 24 hours the big story is React2Shell, the critical React Server Components bug tracked as CVE-2025-55182. Amazon’s security team and CISO C.J. Moses say China‑nexus crews Earth Lamia and Jackpot Panda are hammering this flaw across the globe, including thousands of Internet‑facing systems in the United States, with a clear focus on finance, logistics, retail, IT providers, universities, and government networks. AWS MadPot honeypots watched one attacker from Chinese infrastructure spend almost an hour live‑debugging exploit payloads, which tells us this isn’t just spray‑and‑pray; this is determined reconnaissance and access building.

Shadowserver scans, cited by The Hacker News, show tens of thousands of still‑vulnerable IPs, around ten thousand in the US alone, even though patches for React 19 and Next.js 15 and 16 are already available. That gap between “patch ready” and “patch deployed” is exactly where Earth Lamia and Jackpot Panda are digging in for persistence and espionage.

At the same time, Amazon and several independent researchers report that these same or closely related China‑linked clusters are chaining React2Shell with older bugs like the NUUO camera vulnerability CVE‑2025‑1338. That puts US physical security, especially facilities that rely on IP cameras and edge devices, squarely in the blast radius: think ports, logistics hubs, and municipal infrastructure where video feeds and web apps live on the same flat networks.

On the malware side, CISA, NSA, and Canadian partners have just pushed a fresh joint advisory on the Brickstorm backdoor, a Go‑based ELF and Windows malware used by Chinese state‑sponsored groups such as Warp Panda against VMware vSphere and vCenter in government and IT environments. According to ITPro and Risky Business, Brickstorm hides inside hypervisors, runs continuous self‑health checks, and even acts as a SOCKS proxy for lateral movement, giving Beijing‑linked operators long‑term, nearly invisible access to US and allied critical infrastructure.

So what are today’s emergency moves? CISA and NSA are pushing US organizations to immediately patch all React and Next.js stacks exposed to the Internet, disable or strictly lock down unused React Server Components features, and crank up WAF rules to block known React2Shell payload patterns. For Brickstorm, they are urging critical infrastructure, government, and IT providers to hunt for the specific indicators of compromise in vSphere and Windows logs, audit vCenter access, rotate credentials and federation keys, and treat any unexplained rogue VM or snapshot access as a probable intrusion, not a glitch.

For listeners in security teams: prioritize external React and Next.js apps, camera management interfaces, and virtualization management planes in your next 24‑hour scan. If you’re running anything that looks like CVE‑2025‑55182 or Brickstorm territory and you haven’t patched or hunted yet, assume Earth Lamia or Warp Panda has at least rattled your doorknob.

I’m Ting, thanks for tuning in to China Hack Report: Daily US Tech Defense. Don’t forget to subscribe so you don’t miss tomorrow’s threat run‑down. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence (AI).
