Date: December 2025
Severity: CRITICAL
- Executive Summary
- THREAT 1: React2Shell Vulnerability (CVE-2025-55182)
- 1.1 Technical Description
- 1.2 Active Exploitation in the Wild
- 1.3 URGENT Remediation Actions
- 1.4 Preventive Measures with Rainforest.tech
- THREAT 2: Malicious Extensions in the VSCode Marketplace
- 2.1 Problem Description
- 2.2 Observed Attack Tactics
- 2.3 Identified Malicious Extensions (Recent Examples)
- 2.4 Remediation and Prevention Measures
- 2.5 Protection with Rainforest.tech
- THREAT 3: Supply Chain Attacks – Malicious npm and PyPI Packages
- 3.1 Threat Landscape
- 3.2 Common Attack Tactics
- 3.3 Typical Malicious Payloads
- 3.4 Indicators of Malicious Packages
- 3.5 Remediation and Prevention Measures
- 3.6 Comprehensive Protection with Rainforest.tech
- CONCLUSION AND FINAL RECOMMENDATIONS
- Strategic Priorities
Executive Summary
This technical bulletin covers three critical attack vectors currently impacting organizations worldwide: the React2Shell vulnerability (CVE-2025-55182) actively exploited by Chinese APT groups, malicious extensions in the VSCode Marketplace compromising development environments, and the escalation of software supply chain attacks through malicious packages in npm and PyPI.
Estimated Impact:
- More than 77,000 IP addresses vulnerable to React2Shell
- 30+ organizations already compromised, including Fortune 500 companies
- 229 million installations of VSCode extensions containing malicious code
- Billions of weekly downloads of compromised npm/PyPI packages
THREAT 1: React2Shell Vulnerability (CVE-2025-55182)
1.1 Technical Description
- CVE: CVE-2025-55182 (also known as React2Shell)
- CVSS Score: 10.0 (CRITICAL)
- Affected Component: React Server Components –
Flightprotocol
The vulnerability allows unauthenticated remote code execution (RCE) via insecure deserialization in the Flight protocol used by React Server Components. An attacker can send a malicious HTTP request to any Server Function endpoint and obtain arbitrary execution of privileged JavaScript code on the server.
Critical characteristic: Applications are vulnerable even if they do not explicitly implement Server Functions, as long as they support React Server Components.
Affected Versions:
- React: 19.0, 19.1.0, 19.1.1, 19.2.0
- Next.js: 15.x and 16.x (when using App Router)
- Affected frameworks and tooling: React Router, Waku, Redwood SDK, Parcel, Vite (RSC plugins)
1.2 Active Exploitation in the Wild
Status: CONFIRMED ACTIVE EXPLOITATION
Threat actors identified exploiting the vulnerability:
- Earth Lamia (Chinese APT)
- Jackpot Panda (Chinese APT)
- CL-STA-1015 (Initial Access Broker linked to Chinese MSS)
Observed malicious activity:
- Server reconnaissance (
whoami,id, reading/etc/passwd) - Attempts to steal AWS credentials (
.aws/configfiles) - Installation of trojans (SNOWLIGHT, VShell)
- Interactive shells in containers (Kubernetes / GKE)
- Persistence through fileless execution of malicious scripts
Alarmingly:
- 39% of scanned cloud environments contain vulnerable instances (Wiz data)
- Exploitation success rate is close to 100%
- 77,000+ exposed and vulnerable IP addresses
- Exploitation began hours after public disclosure
1.3 URGENT Remediation Actions
IMMEDIATE ACTION – MANDATORY:
- Update React to patched versions:
- React 19.0.1, 19.1.2, or 19.2.1
- Update Next.js (if applicable):
- Next.js 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, or 16.0.7
- Use:
npx fix-react2shell-nextfor automated upgrades
- Perform full rebuild and redeploy of affected applications
- Rotate secrets (for applications exposed on or around December 4th):
- AWS / Azure / GCP credentials
- API tokens
- Database passwords
- Encryption keys
- Implement WAF rules (temporary mitigation – does NOT replace patching):
- AWS WAF:
AWSManagedRulesKnownBadInputsRuleSetversion 1.24+ - Cloudflare: Updated detection rules applied automatically
- Google Cloud: Cloud Armor with React2Shell-specific rules
- Review access logs for Indicators of Compromise (IoCs):
- Requests to Server Function endpoints with suspicious payloads
- DNS queries to
*.oast.liveor*.oastify.com(OAST – Out-of-Band testing) - Unexpected processes spawned by Next.js/React applications
- Anomalous outbound connections from containers
1.4 Preventive Measures with Rainforest.tech
How Rainforest.tech protects your organization:
- ✓ Automatic Detection of Vulnerable Dependencies
Our SCA module automatically identifies all vulnerable React 19.x instances in your code, including transitive dependencies you might not be aware of. - ✓ AI-Powered Reachability Analysis
We determine whether vulnerable React Server Components code is actually reachable in your applications. If your code does not use RSC, you receive properly prioritized alerts – not noise. - ✓ Contextualized Prioritization
We combine exposure data (internet-facing application?), asset criticality, and exploitability analysis to prioritize remediation where the risk is real. - ✓ Continuous Monitoring
Continuous scanning of all repositories, container registries, and cloud environments. When a new critical CVE emerges (such as React2Shell), you are alerted in minutes, not days. - ✓ CI/CD Integration
Block builds that introduce vulnerable React/Next.js versions before they reach production. Automated guardrails prevent developers from accidentally deploying vulnerable code.
THREAT 2: Malicious Extensions in the VSCode Marketplace
2.1 Problem Description
The VSCode Marketplace, with approximately 50,000 extensions, has become a critical supply chain attack vector. Researchers have identified hundreds of malicious extensions with capabilities including:
- Theft of complete source code and intellectual property
- Exfiltration of credentials (GitHub tokens, AWS keys, SSH keys)
- Installation of cryptominers (e.g., XMRig)
- Backdoors and remote shells
- Keyloggers and screen capture
- Clipboard monitoring to steal cryptocurrency wallets
Scale of the problem:
- 229 million installations of extensions with confirmed malicious code
- 1,283 extensions containing dependencies with known vulnerabilities
- 550+ validated secrets exposed in extensions (PATs, API keys, AI tokens)
- 100+ organizations compromised, including companies with a combined $483B market cap
2.2 Observed Attack Tactics
- Typosquatting and Name Confusion
- Malicious extensions mimic popular names with small variations
- Examples:
prettiest javavsPrettier-JavaTheme Darcula darkto hijack installs from the popular Dracula theme
- Trojan Horse – Legit Functionality + Malicious Payload
- Extensions provide the promised functionality (formatting, themes, etc.) to avoid suspicion while executing malicious code in the background.
- Supply Chain Hijack – Malicious Update Later
- Attackers publish initially benign extensions, gain traction and trust, then introduce malicious code in later updates.
- Since VSCode updates extensions automatically by default, payloads are silently distributed.
- Fraudulent Verified Publisher Badges
- Attackers register related domains and verify them in the VSCode Marketplace to obtain the “blue badge” of a verified publisher, creating false credibility.
- Exfiltration via Legitimate Channels
- Use of services like Zulip, Ngrok, and other legitimate platforms for C2 and data exfiltration, making firewall-based detection harder.
2.3 Identified Malicious Extensions (Recent Examples)
| Extension | Downloads | Malicious Payload |
|---|---|---|
| Theme Darcula dark | 45,000+ | Theft of PII and developer configuration data |
| C++ Playground | 17,000+ | Keylogger capturing C++ source code |
| HTTP Format | Unknown | Cryptomining (CoinIMP) |
| Christine-devops1234.scraper | Active | Theft of code, machine IDs, search queries |
| Codo AI (Bitcoin Black) | Recent | Infostealer with hidden PowerShell execution |
2.4 Remediation and Prevention Measures
Immediate Actions:
- Audit all currently installed extensions
- Remove extensions from unverified or low-reputation publishers
- Review ratings, update history, and installation counts
- Disable auto-update for extensions in critical environments
Best Practices:
- Minimize the number of installed extensions
- Prefer the official VSCode Marketplace (stricter controls) over OpenVSX
- Implement a centralized allowlist of approved extensions
- Maintain an inventory of IDE extensions for rapid incident response
- Isolate development environments from production networks
- Review the code of critical extensions before adoption
2.5 Protection with Rainforest.tech
How Rainforest.tech identifies IDE-related risks:
- ✓ Secret Detection in Code
Our Secrets Detection module identifies tokens, API keys, and hardcoded credentials that could be exposed if a malicious extension exfiltrates your source code. - ✓ SCM Posture Management
Monitor GitHub/GitLab/Azure DevOps configurations to detect excessive permissions that malicious extensions could abuse. - ✓ Development Dependency Analysis
Even if we cannot directly scan VSCode extensions, we analyze all npm/PyPI dependencies in your projects — including dev dependencies that might be leveraged by malicious extensions. - ✓ Anomalous Behavior Alerts
Detection of suspicious patterns such as massive code commits, unexpected configuration file changes, or abnormal outbound connections.
THREAT 3: Supply Chain Attacks – Malicious npm and PyPI Packages
3.1 Threat Landscape
Software supply chain attacks through open-source package repositories are rising sharply. In 2024–2025, coordinated campaigns have targeted npm and PyPI simultaneously, with threat actors reusing the same techniques across ecosystems.
Alarming Statistics:
- September 2025: 20 popular npm packages (2 billion weekly downloads) compromised via maintainer phishing
- June 2025:
@gluestack-uiand@react-native-ariapackages compromised (cumulative 150K installs) - 14 of 23 crypto-motivated campaigns in 2024 targeted npm (the rest targeted PyPI)
- Cross-ecosystem attacks: The same actor MUT-8694 targeting both npm and PyPI simultaneously
3.2 Common Attack Tactics
- Maintainer Compromise (Account Takeover) Vectors:
- Phishing for npm/PyPI credentials using fake login pages
- Adversary-in-the-Middle (AiTM) attacks capturing 2FA
- Theft of Personal Access Tokens (PATs) Example:
- Maintainer of
chalkanddebug(npm) received a fake email fromsupport@npmjs[.]helprequesting a 2FA update. - Result: 20 packages were compromised.
- Typosquatting and Name Confusion
- PyPI:
graphalgo(malicious) vsgraphdict(legit) - npm:
express-cookie-parser(malicious) vscookie-parser(legit) - Cross-ecosystem: using npm-like names to attack PyPI users
- Dependency Confusion
- Attackers discover names of internal private packages and publish malicious public versions with higher version numbers.
- Misconfigured package managers then pull the malicious public version.
- Trojan Source – Malicious Update Later
- Example: PyPI package
semantic-typeswas benign at its initial publication (2024-12-22), but a malicious payload was introduced in an update (2025-01-26).
- Fake Job Assessments
- Attackers pose as recruiters and ask candidates to clone GitHub repositories containing malicious npm packages as part of a “technical assessment.”
3.3 Typical Malicious Payloads
Infostealers:
- Browser credentials (Chrome, Firefox, Brave, Opera)
- Cryptocurrency wallets (Bitcoin, Ethereum, Solana)
- GitHub tokens, AWS keys,
.envsecrets - Git configurations (
.gitconfig) - iCloud Keychain data
Backdoors and RATs:
- Remote command execution via C2
- Keylogging and screen capture
- File system scanning and source code exfiltration
Cryptominers:
- XMRig (Monero mining) consuming host resources
Wipers and Destructive Payloads:
- Recursive file deletion (
rm -rf *,rd /s /q) - Service shutdown and data corruption
Crypto Hijackers:
- Monkey-patching Solana keypair generation functions
- Intercepting and redirecting cryptocurrency transactions
3.4 Indicators of Malicious Packages
Red Flags:
- Typosquatting or name very similar to a popular package
- New or unverified publisher
- Overly polished README for a newly released package
- Obfuscated code (base64, hex encoding) in initialization files
- Execution of system commands (PowerShell, bash,
curl/wget) - Undocumented network connections to unknown IPs or domains
- Use of DGA (Domain Generation Algorithms) for C2
- PATH manipulation or persistence installation
- Download numbers that are suspiciously high for a new package
3.5 Remediation and Prevention Measures
Immediate Actions if Compromised:
- Identify malicious versions in use (inspect lock files)
- Remove compromised packages and downgrade to known safe versions
- Rotate all secrets that may have been exposed
- Audit access logs for signs of data exfiltration
- Check for persistence mechanisms (cron jobs, startup scripts, registry keys)
Best Practices:
- Dependency Locking:
- Use
package-lock.json(npm) andrequirements.txtwith hashes (PyPI). - Integrity Verification:
- Always verify checksums and signatures when available.
- Automated Scans:
- Integrate SCA tools into CI/CD pipelines.
- Manual Vetting:
- Review the code of new dependencies before adding them.
- Least Privilege:
- Avoid running builds as root/admin.
- Isolation:
- Use containers or sandboxes for builds.
- Monitoring:
- Set alerts for new dependency additions/updates.
- Education:
- Train developers on supply chain threats.
3.6 Comprehensive Protection with Rainforest.tech
Rainforest.tech – Your Definitive Defense Against Supply Chain Attacks
- ✓ Native SCA with Reachability Intelligence
We don’t just detect known vulnerabilities in your npm/PyPI dependencies — we determine whether vulnerable code is actually reachable in your application. This can reduce alert volume by up to 80%, allowing your team to focus on what truly matters. - ✓ Real-Time Detection of Malicious Packages
Our threat intelligence continuously monitors npm, PyPI, and other registries for new malicious packages. When campaigns like those described in this bulletin emerge, customers are immediately alerted if they are exposed. - ✓ Behavioral Analysis and Advanced Heuristics
We detect suspicious patterns such as: - Obfuscated code in dependencies
- Undocumented network calls
- Execution of suspicious system commands
- Typosquatting and dependency confusion
- ✓ Automatic, End-to-End SBOM
We generate a complete Software Bill of Materials (SBOM) for all your applications, including deep transitive dependencies. When a compromised package is discovered (e.g.,chalk,debug), you instantly know which applications are affected. - ✓ Automated Guardrails in CI/CD
Block builds that introduce: - Packages with vulnerabilities above your defined threshold
- Packages from untrusted or newly created publishers
- Dependencies with malicious behavior patterns
- Typosquatting variants of popular packages
- ✓ Cross-Ecosystem Visibility
Unified coverage for npm, PyPI, Maven, NuGet, RubyGems, and more. Threat actors move across ecosystems — our platform follows. - ✓ Risk-Based Contextual Prioritization
We consider: - Where the application runs (production vs. dev)
- External exposure (internet-facing?)
- Asset criticality (sensitive data?)
- Exploitability (PoC available? Active exploitation?)
- Reachability of vulnerable code
- ✓ Integration with Existing Tools
Jira, ServiceNow, Slack, Teams, PagerDuty — automate remediation workflows and keep all stakeholders aligned.
With Rainforest.tech, you’re not just detecting vulnerabilities — you’re proactively preventing threats from entering your software supply chain.
CONCLUSION AND FINAL RECOMMENDATIONS
The threat landscape described in this bulletin represents a dangerous convergence of software supply chain attack vectors:
- React2Shell shows how deserialization vulnerabilities can have massive impact in widely adopted frameworks.
- Malicious VSCode extensions prove that even developer tools have become attack vectors.
- Attacks on npm/PyPI reveal growing sophistication and cross-ecosystem coordination among threat actors.
Strategic Priorities
- Total Visibility
You cannot protect what you cannot see. Implementing comprehensive ASPM (Application Security Posture Management) is critical. - Intelligent Prioritization
With thousands of vulnerabilities reported, prioritizing based on real context (not just CVSS) is essential for efficiency. - Shift Left with Guardrails
Blocking vulnerabilities and malicious packages before they reach production is 10x more efficient than post-deployment remediation. - Rapid Response
When threats like React2Shell emerge, every hour matters. Having the ability to identify exposure and remediate within minutes can be the difference between a contained incident and a massive breach.
Rainforest.tech was built specifically to face these challenges. Our unified platform delivers the visibility, intelligence, and automation you need to protect your software supply chain in a constantly evolving threat landscape.


