Google is now tracking at least five Chinese cyber-espionage groups that are exploiting the React2Shell vulnerability for initial access. The groups are UNC6600, UNC6586, UNC6588, UNC6603, and UNC6603. This is up from two at the beginning. https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182/