The Hacker News

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting ...

Critical React2Shell flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and ...

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Researchers have uncovered a critical security flaw that could have catastrophic consequences for web and private cloud ...

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...
Tech Digest

How to Buy a Profitable App: Complete Guide

Buying a mobile app business, thus saving money in development costs, has become one of the smartest shortcuts in digital ...

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...