Tag: china
-
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
The bug, tagged as CVE-2025-55182 and referred to colloquially as React2Shell, was reported to Meta by researcher Lachlan Davidson on November 29 and publicly disclosed on Wednesday, when a fix was rolled out. First seen on therecord.media Jump to article: therecord.media/chinese-hackers-exploiting-react2shell-vulnerability-amazon
-
Chinese Nation-State Groups Tied to ‘React2Shell’ Targeting
Validated, Weaponized Exploit Code for Widely Used Web Framework Bug Now Public. Warnings continue to mount over a critical vulnerability in the widely used web application framework React, with threat intelligence analysts warning that it’s being actively targeted by Chinese nation-state groups, and that a legitimate, weaponized proof-of-concept exploit is now public. First seen on…
-
Critical React2Shell flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/react2shell-critical-flaw-actively-exploited-in-china-linked-attacks/
-
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1. According…
-
China-Linked Warp Panda Targets North American Firms in Espionage Campaign
CrowdStrike warned that Warp Panda, a China-linked cyber-espionage group, is targeting US organizations to steal sensitive data and support Beijing’s strategic interests First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinalinked-warp-panda/
-
China-Nexus Hackers Target VMware vCenter Systems to Deploy Web Shells and Malware Implants
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits sophisticated technical capabilities, advanced operations security skills, and extensive knowledge of cloud and virtual machine environments. In addition to BRICKSTORM, WARP PANDA has deployed JSP web shells…
-
China-Nexus Hackers Exploiting React2Shell Vulnerability in Active Attacks
Within hours of the public disclosure of CVE-2025-55182 on December 3, 2025, Amazon threat intelligence teams detected active exploitation attempts from multiple China-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components carries a maximum CVSS score of 10.0 and poses an immediate threat to organizations running vulnerable versions…
-
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
Tags: apt, backdoor, china, cisa, cyber, cybersecurity, data-breach, espionage, infrastructure, threat
CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. “The Cybersecurity…
-
React2Shell critical flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/react2shell-critical-flaw-actively-exploited-in-china-linked-attacks/
-
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “…
-
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed “BRICKSTORM.”
-
Brickstorm Malware Hits US Critical Systems, CISA Warns
Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring. U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/brickstorm-malware-hits-us-critical-systems-cisa-warns-a-30195
-
CISA, NSA warn of China’s BRICKSTORM malware after incident response efforts
The Cybersecurity and Infrastructure Security Agency (CISA), NSA and Canadian Centre for Cyber Security published an advisory on Thursday outlining the BRICKSTORM malware based off an analysis of eight samples taken from victim organizations. First seen on therecord.media Jump to article: therecord.media/cisa-nsa-warn-brickstorm-china
-
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been uncovered in the last four months. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert/
-
CISA Warns of ‘Ongoing’ Brickstorm Backdoor Attacks
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-ongoing-brickstorm-backdoor-attacks
-
5 Things To Know On VMware ‘Brickstorm’ Attacks
A wave of China-linked espionage attacks has been observed targeting VMware vSphere systems, and has gained long-term persistence in some cases, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). First seen on crn.com Jump to article: www.crn.com/news/security/2025/5-things-to-know-on-vmware-brickstorm-attacks
-
CISA warns of Chinese “BrickStorm” malware attacks on VMware servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/
-
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos…
-
Student Sells Gov’t, University Sites to Chinese Actors
It’s the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/govt-university-sites-chinese-actors
-
How Companies Are Arming Themselves Against New AI Threats
Tags: ai, china, cyberattack, cyersecurity, hacker, hacking, injection, iran, ml, penetration-testing, phishing, risk, tool, vulnerability
AI is not only a tool for hackers, but can also become a danger itself. In the world of cybersecurity there is a fundamental principle that may sound contradictory at first glance: “We hack before cybercriminals get the chance to.” To put this into practice and protect production lines or machines, companies such as Siemens rely on two…
-
Thailand seizes more than $300m in assets and issues 42 arrest warrants in cyberscam crackdown
Seizures and warrants involve Chinese-Cambodian tycoon Chen Zhi, who heads US-sanctioned Prince Group, and Cambodians Kok An and Yim Leak. Thailand has seized assets worth more than $300m, including shares in a major regional energy company, and issued arrest warrants for 42 people in a high-profile push against regional scam networks, officials said on Wednesday. Parts of…
-
‘ShadyPanda’ Hackers Weaponize Millions of Browsers
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/shadypanda-hackers-weaponize-browsers
-
Utilities Warn US Grid at Risk as Federal Cyber Funds Dry Up
Federal Cuts Threaten Grid Security as Nation-State Hackings Escalate, Analysts Say. Cybersecurity leaders told Congress that U.S. energy systems are already compromised by state-backed actors – chiefly China – and warned that shrinking federal support for grid security programs threatens to worsen exposure as utilities face escalating threats with limited resources. First seen on govinfosecurity.com…
-
Arizona AG Sues Temu Over ‘Stealing’ User Data
The suit alleges the Chinese retailer’s app secretly accesses and harvests users’ sensitive information without their knowledge or consent. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/arizona-ag-temu-stealing-user-data
-
The Congressional remedy for Salt Typhoon? More information sharing with industry
A year after Chinese hackers were found in U.S. telecom networks, Congress and federal agencies have taken few concrete actions to stop the next hack. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-senate-commerce-hearing-fcc-telecom-cybersecurity/
-
South Korean E-Commerce Giant Coupang Probes Massive Breach
Chinese Developer Formerly Employed by Company Suspected of Data Theft. South Korea’s biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is…

