Five China-Nexus Groups Exploited React2Shell | Dec 13-17

December 17, 2025

Big Picture

Google documents coordinated nation-state exploitation. UK government says prompt injection "can't be fully mitigated." Microsoft expands bug bounties to all third-party code.

Last week we covered React2Shell's immediate impact: the Cloudflare WAF rules that broke Shopify and Zoom, the CVSS 10.0 rating, the rapid weaponization.

This week's story is what came after: coordinated nation-state exploitation documented by Google, plus a significant policy shift from the UK government acknowledging fundamental limitations in AI security.

Also this week, we shipped something we've been working on for a while. Pixee for SCA uses AI agents to evaluate whether vulnerabilities are truly exploitable by contextually looking at deployment configuration, data flow, and API arguments rather than just call graphs. (Shameless plug I know, but it's relevant to the triage challenges we keep covering.)

Google Documents Coordinated React2Shell Exploitation

Google Threat Intelligence published detailed attribution this week, documenting five China-nexus threat groups actively exploiting React2Shell (CVE-2025-55182). The scale: 116,000+ vulnerable systems, backdoors deployed, credential harvesting campaigns running, tunneling malware establishing persistence.

Meanwhile, React disclosed three additional RSC vulnerabilities (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779) discovered while researchers probed the original patches. Denial-of-service conditions and source code exposure surfaced specifically because researchers started examining RSC security more closely.

Takeaways

Framework-level vulnerabilities tend to reveal architectural security debt—attack surfaces that weren't comprehensively threat-modeled before release.

UK Government Acknowledges AI Security Limits

The UK's National Cyber Security Centre declared that prompt injection attacks on LLMs "can't be fully mitigated." Their recommendation: shift from prevention strategies to impact reduction.

This marks the first major government cybersecurity agency to officially acknowledge fundamental limitations in securing AI systems. The timing matters—OpenAI warned separately of "high cybersecurity risk" from frontier AI models the same week.

Takeaways

For security teams, the question becomes how to reduce risk across these new attack surfaces when prevention isn't fully achievable.
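One concrete shape that "impact reduction" can take for an LLM agent with tools, as an added example (not code from the NCSC guidance or from this newsletter): instead of trying to detect injected instructions, a gate treats every tool call the model proposes as untrusted input, lets only read-only tools run automatically, escalates side effects to a human once untrusted content (a ticket body, a web page, a file) has entered the context, rejects unknown tools and unexpected arguments outright, and logs each decision for detection. The tool catalogue, the argument shapes, the allow-listed mail domain and the walk-through in `demo()` are all constructed assumptions for the example.

```python
"""Impact-reduction gate for LLM tool calls (added example, assumptions labelled inline)."""
from dataclasses import dataclass, field
from typing import Any


@dataclass(frozen=True)
class ToolPolicy:
    read_only: bool                  # no side effects: may run without a human in the loop
    allowed_args: frozenset[str]     # any other argument name is rejected outright
    confirm_on_taint: bool = True    # side effects need confirmation once context is tainted


# Assumed tool catalogue for a support assistant; not a real product's API.
POLICIES: dict[str, ToolPolicy] = {
    "search_docs":  ToolPolicy(read_only=True,  allowed_args=frozenset({"query"})),
    "read_ticket":  ToolPolicy(read_only=True,  allowed_args=frozenset({"ticket_id"})),
    "send_email":   ToolPolicy(read_only=False, allowed_args=frozenset({"to", "subject", "body"})),
    "close_ticket": ToolPolicy(read_only=False, allowed_args=frozenset({"ticket_id"})),
}

ALLOWED_EMAIL_DOMAIN = "example.com"   # assumed: outbound mail may only go to one domain


@dataclass
class Session:
    tainted: bool = False                                  # set once untrusted text is in context
    audit_log: list[dict[str, Any]] = field(default_factory=list)

    def ingest_untrusted(self, source: str) -> None:
        """Record that attacker-controllable text has entered the conversation."""
        self.tainted = True
        self.audit_log.append({"event": "taint", "source": source})


@dataclass(frozen=True)
class Decision:
    verdict: str   # "run", "confirm" or "deny"
    reason: str


def gate(call: dict[str, Any], session: Session) -> Decision:
    """Decide what to do with one proposed tool call; tolerates malformed input."""
    tool = call.get("tool")
    args = call.get("args") or {}
    policy = POLICIES.get(tool)
    if policy is None:
        decision = Decision("deny", f"unknown tool {tool!r}")
    elif not isinstance(args, dict) or set(args) - policy.allowed_args:
        decision = Decision("deny", f"unexpected arguments for {tool}")
    elif tool == "send_email" and not str(args.get("to", "")).endswith("@" + ALLOWED_EMAIL_DOMAIN):
        decision = Decision("deny", "recipient outside allowed domain")
    elif policy.read_only:
        decision = Decision("run", "read-only tool")
    elif session.tainted and policy.confirm_on_taint:
        decision = Decision("confirm", "side effect requested after untrusted content entered context")
    else:
        decision = Decision("run", "side effect in clean session")
    # Every verdict is logged so repeated denials/confirmations after a taint event are detectable.
    session.audit_log.append({"event": "gate", "tool": tool,
                              "verdict": decision.verdict, "reason": decision.reason})
    return decision


def demo() -> list[str]:
    """Constructed walk-through: the assistant reads a ticket, then is pushed to act on it."""
    s = Session()
    verdicts = [gate({"tool": "read_ticket", "args": {"ticket_id": "T-1"}}, s).verdict]
    s.ingest_untrusted("ticket body T-1")   # the ticket text is written by an outside party
    # Calls the model might propose after reading instructions embedded in that text:
    verdicts.append(gate({"tool": "send_email",
                          "args": {"to": "someone@evil.test", "subject": "x", "body": "y"}}, s).verdict)
    verdicts.append(gate({"tool": "send_email",
                          "args": {"to": "ops@example.com", "subject": "x", "body": "y"}}, s).verdict)
    verdicts.append(gate({"tool": "export_customers", "args": {}}, s).verdict)
    verdicts.append(gate({"tool": "close_ticket", "args": {"ticket_id": "T-1", "force": True}}, s).verdict)
    return verdicts


if __name__ == "__main__":
    print(demo())   # ['run', 'deny', 'confirm', 'deny', 'deny']
```

The point of the design is that none of the checks look at the model's text or try to recognise an injection. The gate only bounds what a single call can do and who must approve it, which is the kind of control that still holds when the model itself has been steered; the audit log is what a detection team would alert on.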

Microsoft Signals Supply Chain Accountability Shift

Microsoft expanded its bug bounty program to include all third-party and open-source code in online services "in scope by default." Previously, researchers needed pre-approval to report vulnerabilities in dependencies. Now any third-party code flaw in Microsoft's production environment qualifies for bounty rewards.

Takeaways

When the largest software vendor declares third-party code "in scope by default," it signals something about where accountability is heading.
