Dark Reading

Critical React Flaw Triggers Calls for Immediate Action

The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A maximum-severity vulnerability affecting the React JavaScript library is under attack by Chinese-nexus actors, further ...

Critical React2Shell flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and ...
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.
SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...

Cloudflare blames today's outage on React2Shell mitigations

Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks.
Computer Weekly

Cyber teams on alert as React2Shell exploitation spreads

Exploitation of an RCE flaw in a widely-used open source library is spreading quickly, with China-backed threat actors in the ...
Hackaday

This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you ...