All news with #aws tag

React2Shell RCE Actively Exploited by Multiple Threat Actors

🔴 The newly disclosed React2Shell vulnerability (CVE-2025-55182) is being actively exploited in the wild and carries a CVSS v3.1 score of 10. AWS has attributed exploitation attempts to state-linked groups including Earth Lamia and Jackpot Panda, while multiple proof-of-concept exploits have rapidly appeared. Broad scans from Shadowserver and Censys show tens of thousands to over two million potentially affected instances, and defenders are urged to apply the published React security updates immediately.

AWS launches Spatial Data Management (SDMA) solution

🗺️ Spatial Data Management on AWS (SDMA) centralizes multimodal spatial assets — 3D, geospatial, behavioral, and temporal data — into a secure, highly available cloud repository. It automates metadata extraction for formats such as .LAZ, .E57, .GLB, and .GLTF, provides REST APIs and customizable connectors, and offers web and desktop interfaces with auto-generated previews to accelerate validation without large downloads. SDMA is designed to simplify integrations, governance, and discoverability to speed operational insights across AWS regions.

React2Shell RCE Exploited, 77K+ IPs and 30+ Breaches

🔴 React2Shell (CVE-2025-55182) is an unauthenticated remote code execution flaw in React Server Components and frameworks like Next.js, disclosed on December 3, 2025. A public proof-of-concept on December 4 accelerated automated scanning and exploitation; Shadowserver found 77,664 vulnerable IPs (≈23,700 in the US), and Palo Alto reports more than 30 breached organizations. Observed attacks use PowerShell stages, AMSI bypass and Cobalt Strike; mitigation requires updating React, rebuilding and redeploying apps, and reviewing logs for post-exploitation indicators.

React2Shell RCE Exploits Observed in the Wild at Scale

⚠️ Patches for the React2Shell vulnerability should be prioritized: researchers report active, largely automated exploitation attempts targeting React Server Components and Next.js. Public proof-of-concept code has been reused by attackers, with initial payloads performing lightweight proof-of-execution checks and staged PowerShell download-and-execute stagers. Vendors including JFrog, Wiz and Greynoise warn of fake PoCs on GitHub, cryptojacking, credential theft attempts, and Mirai-style kit integration, while AWS reports state-linked groups targeting exposed apps — making immediate remediation and verification essential.

Amazon OpenSearch Service Adds Automatic Semantic Enrichment

🔍 Amazon OpenSearch Service now provides automatic semantic enrichment for managed domains, extending an earlier capability from OpenSearch Serverless to managed clusters and enabling semantic search with minimal configuration. The feature performs semantic processing automatically so customers do not need to manage ML models. It supports English-only and multilingual variants across 15 languages (including Arabic, French, Hindi, Japanese, and Korean) and is billed based on ingestion usage as OpenSearch Compute Unit (OCU) - Semantic Search. The capability requires OpenSearch 2.19 or later and is currently available for non‑VPC domains in selected AWS Regions; see the OpenSearch Service documentation for setup and configuration details.

Amazon SES Mail Manager Expands to 10 More Regions

📢 Amazon SES Mail Manager is now available in 10 additional commercial AWS Regions, bringing total coverage to 27 Regions and aligning Mail Manager availability with where SES Outbound is offered. Mail Manager centralizes email routing, governance, and compliance controls for domain-based sending, helping organizations replace legacy relays and streamline integrations with mailbox providers and email security vendors. It also supports onward delivery to WorkMail, built-in archiving with search and export, and console-based third-party security add-ons to simplify operations.

Amazon SageMaker enables self-service notebook migration

🔁 Amazon SageMaker Notebook instances now support self-service migration via the PlatformIdentifier parameter in the UpdateNotebookInstance API. You can update unsupported platform identifiers (notebook-al1-v1, notebook-al2-v1, notebook-al2-v2) to supported versions (notebook-al2-v3, notebook-al2023-v1) while preserving data and configurations. The capability is available through AWS CLI (v2.31.27+) and SDKs in all Regions where Notebook instances are supported. This simplifies keeping instances current and reduces manual migration effort.

Amazon SES Adds VPC Endpoints for API Access in All Regions

🔒 Amazon Simple Email Service (SES) now supports accessing SES API endpoints via Virtual Private Cloud (VPC) endpoints. Customers can use VPC endpoints to send email and manage SES resource configuration without routing API traffic through an internet gateway, reducing exposure of VPC activity to the public internet. The capability is available in all AWS Regions where SES is offered, simplifying private network architectures.

Amazon Connect Outbound Campaigns Adds WhatsApp Support

📣 Amazon Connect Outbound Campaigns now supports WhatsApp, enabling proactive, automated messaging for appointment reminders, payment notifications, order updates, and product recommendations. Administrators can configure WhatsApp campaigns in the existing Amazon Connect interface—define target audiences, personalize message templates, schedule delivery, and apply compliance guardrails alongside SMS, voice, and email. Messages can leverage real-time customer data and include delivery and engagement tracking as well as frequency controls to maintain compliance. This capability is available in all AWS Regions that support Outbound Campaigns.

Pegasus 1.2 Available with Global Cross-Region Inference

📣 Amazon Bedrock now offers TwelveLabs Pegasus 1.2 via Global cross-Region inference, expanding availability by 23 new Regions in addition to the seven where it was already supported. You can also access the model in all EU Regions using Geographic cross-Region inference to meet data-residency requirements. Pegasus 1.2 is a video-first model for long-form video-to-text generation and temporal understanding, enabling lower latency and simplified architecture for video-intelligence applications.

AWS Elastic Beanstalk: Node.js 24 on AL2023 Now Available

🚀 AWS Elastic Beanstalk now supports Node.js 24 on Amazon Linux 2023 (AL2023), enabling developers to deploy applications that benefit from the latest V8 engine updates, npm 11, and platform-level security and performance improvements. You can create environments via the Elastic Beanstalk Console, CLI, or API. The platform is available in all commercial AWS Regions, including AWS GovCloud (US).

Amazon Connect Customer Profiles adds Spark SQL segments

🔍 Amazon Connect Customer Profiles now offers Beta segmentation powered by Spark SQL, enabling analysts to build sophisticated customer segments from both custom and standard profile objects. You can join objects, apply statistical functions such as percentiles, and standardize date fields for complex temporal analysis, or use the Segment AI assistant to translate natural language into Spark SQL. AI-generated queries include plain-language explanations and automatic membership estimates so you can review and validate results before deployment. These capabilities work alongside existing segmentation features and integrate with segment membership calls, Flow blocks, and Outbound Campaigns, and are available in all AWS regions where Customer Profiles is offered.

Chinese Threat Actors Rapidly Exploit React2Shell Flaw

⚠️ Within hours of public disclosure, two China-linked groups began exploiting the newly disclosed CVE-2025-55182 (React2Shell) remote code execution flaw in React Server Components. AWS telemetry from MadPot honeypots attributes activity to Earth Lamia and Jackpot Panda, showing attempts to run discovery commands such as "whoami", write files like "/tmp/pwned.txt", and read sensitive files such as "/etc/passwd". Vendors addressed the bug in React 19.0.1, 19.1.2, and 19.2.1, but attackers are concurrently scanning for other N-day flaws.

React2Shell critical flaw exploited by China-linked groups

⚠️React2Shell is a max-severity insecure deserialization vulnerability in the React Server Components 'Flight' protocol that allows unauthenticated remote execution of JavaScript on affected servers. Within hours of disclosure, AWS telemetry observed exploitation attempts by China-linked groups including Earth Lamia and Jackpot Panda, and multiple proof-of-concept exploits have been published. React and Next.js have released patches; administrators should apply updates, scan for vulnerable deployments, and monitor for known exploitation indicators.

Amazon Q Adds Analysis Support for Amazon SES Email Sending

🔍 Amazon Q now analyzes email sending in Amazon SES, enabling customers to ask natural-language questions about SES resource configuration, usage patterns, and deliverability issues. Q evaluates usage data and resource settings to surface optimization opportunities and troubleshooting steps, reducing the need for deep email-sending expertise. Support is available in all Regions where SES and Q are offered.

Elastic Beanstalk Adds Python 3.14 Support on AL2023

🐍 AWS Elastic Beanstalk now supports Python 3.14 on Amazon Linux 2023, allowing developers to build and deploy applications that take advantage of the latest interpreter features, improved error messages, and updated security and API behavior. The platform update also enhances the interactive interpreter experience and aligns runtime behavior with modern Python improvements. Environments can be provisioned via the Elastic Beanstalk Console, CLI, or API, and are available in all commercial AWS Regions including AWS GovCloud (US).

AWS simplifies CloudTrail events ingestion into CloudWatch

🔔 AWS now enables centralized collection of CloudTrail events in Amazon CloudWatch, allowing organizations to consolidate telemetry alongside VPC Flow Logs and EKS Control Plane Logs. The integration leverages service-linked channels (SLCs) to receive events without requiring trails and adds safety checks plus termination protection. Customers will incur CloudTrail event delivery charges and CloudWatch Logs ingestion fees based on custom logs pricing; consult the CloudWatch documentation for supported regions and enablement steps.

AWS Directory Service Managed Microsoft AD Now in NZ

📢 AWS has announced that AWS Managed Microsoft AD and AD Connector are now available in the Asia Pacific (New Zealand) Region. AWS Managed Microsoft AD is built on actual Microsoft Active Directory and helps reduce the operational burden of running AD infrastructure in AWS while enabling domain join for EC2, containers, and Kubernetes. AD Connector acts as a proxy to let AWS services use existing on-premises AD identities and group policies without provisioning AD in the cloud.

China-nexus Rapid Exploitation of React2Shell CVE-2025-55182

🛡️ Amazon observed multiple China state-nexus groups rapidly exploiting CVE-2025-55182 (React2Shell), a critical unsafe deserialization flaw in React Server Components with a CVSS score of 10.0 that affects React 19.x and Next.js 15.x/16.x when using App Router. AWS deployed Sonaris active defense, AWS WAF managed rules (AWSManagedRulesKnownBadInputsRuleSet v1.24+) and MadPot honeypots to detect and block attempts, but these protections are not substitutes for patching. Customers running self-managed React/Next.js applications must update immediately, deploy interim WAF rules, and review logs for indicators such as POST requests with next-action or rsc-action-id headers.

Critical React4Shell RSC Vulnerability CVE-2025-55182

🛡️ A critical remote code execution flaw, CVE-2025-55182 (React4Shell), was disclosed affecting React Server Components and multiple derivatives including Next.js, React Router RSC preview, and several bundler plugins. The bug arises from unsafe deserialization of Flight protocol payloads and permits unauthenticated HTTP requests to execute code on vulnerable servers. Immediate updating to the patched React and Next.js releases, plus deployment of WAF rules and access restrictions, is strongly recommended.