Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...

Exploitation of React2Shell started almost immediately after disclosure. AWS reported that at least two known China-linked ...

The JavaScript programming library React and certain apps created with it are vulnerable. Security updates are available for ...

It has been seen spreading cryptojacking malware and in attempts to steal cloud credentials from compromised machines.

Warnings continue to mount over a critical vulnerability in the widely used web application framework React, with threat ...

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already ...

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...

This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more ...

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and ...