Find notable cyber news and cases, enriched with sources, timelines, and signals.

Earth Lamia and Jackpot Panda broad multi-CVE scanning campaign

Campaign
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

Earth Lamia and Jackpot Panda mounted a broad multi-CVE scanning campaign that quickly weaponized CVE-2025-55182 / React2Shell, raising the chance that unpatched systems would be hit before defenders could respond. The operation also probed for other N-day flaws, including CVE-2025-1338, showing an attempt to broaden reach beyond a single bug. Probes observed in AWS MadPot included discovery commands and file access attempts, indicating active follow-on reconnaissance. The campaign matters because it combines rapid public-exploit adoption with simultaneous scanning across multiple vulnerabilities.

Cases

Related Happenings

OceanLotus SPECTRALVIPER campaigns targeting Vietnam

Campaign
H score33 First: 11.06.2026 12:45 Last: 11.06.2026 12:45 Sources 1

About this happening: **OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...

APT28 BEARDSHELL and COVENANT surveillance activity against Ukrainian military personnel

Malware Activity
H score23 First: 10.03.2026 12:55 Last: 10.03.2026 12:55 Sources 1

About this happening: The **APT28** operation has expanded into **BEARDSHELL** and **COVENANT** implants used for **long-term surveillance** of **Ukrainian military personnel**, indicating an active es...

Iran-linked Hikvision and Dahua surveillance camera targeting campaign

Campaign
H score37 First: 04.03.2026 17:00 Last: 04.03.2026 17:00 Sources 1

About this happening: A **coordinated campaign** is targeting **Hikvision** and **Dahua** surveillance cameras across the **Middle East**, increasing the risk that compromised devices could support mil...

AI-generated FortiGate reconnaissance tool analysis with weak parsing and empty stubs

Technical Analysis
H score35 First: 23.02.2026 14:30 Last: 23.02.2026 14:30 Sources 1

About this happening: AWS identified a custom **FortiGate reconnaissance tool** that showed clear hallmarks of **AI-generated code**, helping explain how a low-skill actor automated post-compromise dis...

Russian-speaking hacker AI-assisted FortiGate breach campaign

Campaign
H score52 First: 21.02.2026 15:50 Last: 21.02.2026 15:50 Sources 1

About this happening: The **Russian-speaking** threat actor ran an **AI-assisted FortiGate breach campaign** from **January 11 to February 18, 2026**, compromising **over 600 FortiGate devices** across...

Timeline

  1. 05.12.2025 16:10 2 articles · 7mo ago

    AWS sees React2Shell exploitation and multi-CVE scanning

    Campaign Scope Update

    AWS MadPot honeypot telemetry identified Earth Lamia and Jackpot Panda attempting to exploit CVE-2025-55182 (React2Shell) in React Server Components (RSC) within hours of disclosure, and also saw attempts against CVE-2025-1338 in NUUO Camera and other N-day flaws. The observed activity included discovery commands such as whoami, writing /tmp/pwned.txt, and reading /etc/passwd, indicating rapid public-exploit adoption and broad scanning for unpatched systems.

    Show sources