
Welcome back. This week's theme is clear: the tools built to speed up development have become high-value targets. The React Server Components RCE is as bad as it gets, a CVSS 10.0 under active state-sponsored exploitation, and Shai-Hulud's AI-powered rampage through 27,000 npm packages shows that supply chain attacks are only getting more aggressive. Factor in widespread IDE vulnerabilities and data showing that nearly half of AI-generated code ships insecure, and there's a serious question about how much trust your workflows should place in tools that attackers are now targeting with precision.
TLDR
Active exploitation is underway targeting a critical CVSS 10.0 vulnerability in React Server Components, with China-linked threat actors already compromising over 30 organizations via unauthenticated remote code execution.
Supply chain attacks have escalated with the return of the "Shai-Hulud" worm in the npm ecosystem, an AI-powered campaign that has flooded the registry with 27,000 malicious packages and features a destructive data-wiping "dead man's switch."
Your development tools may be turned against you: researchers unveiled "IDEsaster", a collection of 30+ flaws across popular AI editors that allow attackers to weaponize standard prompt injection to achieve code execution.
Specifically, the popular Cursor AI editor was found to be vulnerable to a high-severity remote execution flaw (CVE-2025-54136) caused by the abuse of unverified Model Context Protocol (MCP) configurations.
This highlights a broader quality issue, as new analysis reveals that 45% of AI-generated code contains exploitable flaws, with Java-language outputs hitting a staggering 70% vulnerability rate.
THIS WEEK’S TAKE
We Are Starting to See the Repercussions of Velocity.
We've built a development ecosystem that treats speed as the only metric that matters, and we're paying for it. React2Shell sits in the default configuration of Next.js apps, is exploitable with a single HTTP request, and Amazon is already seeing Chinese state actors weaponizing it. Shai-Hulud 2.0 didn't just compromise thousands of npm packages; it compromised packages from Zapier, PostHog, and Postman, because the entire chain of trust assumes maintainers won't get phished and npm tokens won't get stolen. That assumption has been wrong for years, and we keep acting surprised.
The IDEsaster research and the Veracode numbers land differently when you look at them together. We're asking AI to write nearly half of our code while simultaneously discovering that every major AI IDE is vulnerable to prompt injection that leads to RCE. The tools we're using to accelerate development are themselves becoming the attack surface, and the code they generate fails security tests almost half the time. Java hit a 70% failure rate. The whole "vibe coding" thing, where you just trust the output and ship it, is aging quicker than milk. The actual takeaway here isn't that AI tools are bad or that React is broken; it's that the velocity-at-all-costs approach has created a level of systemic risk that compounds really, really fast. And if your security program isn't built to handle multiple simultaneous supply chain incidents while also validating every AI-generated commit, then you should probably be scared. (Sorry, but it’s the truth.)
- Shawn Booker | OX Security
