The Hacker News

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

AWS reports China-linked groups Earth Lamia and Jackpot Panda rapidly attacking the critical React2Shell CVE-2025-55182 RCE ...

Critical React2Shell flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and ...

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.