React2Shell (CVE-2025-55182) actively exploited by threat actors
ID: 8d741831-ceeb-5e24-89df-b2aec424ca99
STIX ID: report--8d741831-ceeb-5e24-89df-b2aec424ca99
Feed Name: Ctrl-Alt-Int3l
The report documents widespread, active exploitation of the React2Shell RCE (CVE-2025-55182) and attributes the activity to multiple actors, including China state-nexus groups. It details observed post-exploitation deployments such as VShell RAT (and ValleyRAT via DLL sideloading), MeshAgent, XMRig cryptomining scripts, and Mirai-like botnet payloads. It also provides technical analysis (payloads, decryption, PoC exploit), victimology (Vietnamese and Brazilian targets, government/education), and collated IOCs for detection and hunting.
