This is your Dragon's Code: America Under Cyber Siege podcast.
I’m Ting, and listeners, America’s under cyber siege again – welcome to Dragon’s Code.
This week’s star of the show is a nasty little bug called React2Shell, also known as CVE-2025-55182, a max‑severity flaw in React Server Components that lets attackers run code on a server without logging in. Google’s Threat Intelligence team and Amazon’s threat intel crew both say at least five China‑nexus espionage units – names like UNC6600, UNC6586, UNC6588, UNC6595, and UNC6603, plus Earth Lamia and Jackpot Panda – have been hammering it within hours of disclosure, using it as their front door into US and allied infrastructure.
Here’s the play: they scan the internet for unpatched React and Next.js apps, pop the box with React2Shell, then drop payloads. Google and Cybersecurity‑Help report Chinese crews deploying Minocat tunnelers, Snowlight and Hisonic backdoors, Compood implants, and ANGRYREBEL.Linux malware, often hiding command‑and‑control in legitimate cloud services like AWS and Alibaba Cloud. Once in, they pivot toward crown‑jewel systems: cloud management consoles, identity providers, and in some cases operational technology that runs real‑world infrastructure.
Lawfare warns that Chinese hackers are already present in US critical infrastructure operational tech – the sensors, valves, and switches that keep power, water, and fuel flowing – and that “air‑gapping” is basically a myth. Those Chinese‑made devices with surprise internet capabilities? They’re the perfect bridge from a compromised web app to the gear that keeps a military base or city alive.
We’ve seen this pattern before. The FCC’s new Federal Register order revisits the Salt Typhoon campaign, a PRC‑sponsored group that quietly infiltrated at least eight US communications carriers by abusing known CVEs and sloppy network hygiene. After that, the FCC stood up a Council on National Security and pushed carriers into accelerated patching, tighter access controls, better log review and threat hunting, zero‑trust architectures, and aggressive info‑sharing with federal partners.
On the defensive side this week, CISA updated its cybersecurity performance goals for critical infrastructure, emphasizing rapid patching of internet‑facing software, strict control of remote access into OT, continuous monitoring, and vendor risk management. Senator Mark Warner and other officials are publicly warning that Chinese intrusions into telecom and infrastructure are accelerating, supercharged by AI‑driven reconnaissance and exploit development.
The big lessons experts keep repeating: if you run React or Next.js, patch React2Shell yesterday; assume Chinese operators are already scanning your stuff; stop trusting that OT is isolated; and treat cloud, telecom, and industrial control as one attack surface, not three.
I’m Ting. Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next breach breakdown. This has been a Quiet Please production; for more, check out quietplease.ai.
For more http://www.quietplease.ai
This content was created in partnership with, and with the help of, artificial intelligence (AI).