Overview
- CISA added CVE-2025-55182 to its Known Exploited Vulnerabilities catalog and set a December 26 deadline for federal agencies to patch.
- Amazon reports exploitation attempts within hours of disclosure from infrastructure linked to China-nexus groups Earth Lamia and Jackpot Panda, with other telemetry showing broad opportunistic scanning.
- Palo Alto Networks Unit 42 says more than 30 organizations have been compromised, citing reconnaissance, attempts to steal AWS credentials, cryptomining, downloader activity, and deployments of Snowlight, VShell, and Cobalt Strike.
- The exposed attack surface is substantial, with Shadowserver detecting 77,664 vulnerable internet-facing IPs, Wiz estimating 39% of cloud environments at risk, and Censys tallying roughly 2.15 million potentially affected services.
- React released fixes in versions 19.0.1, 19.1.2, and 19.2.1 that require rebuilds and redeploys, public PoCs are circulating, and Cloudflare’s emergency WAF change to block attacks briefly caused a global outage.