The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions ...
The Register on MSN

'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole

Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based ...
Computer Weekly

Cyber teams on alert as React2Shell exploitation spreads

Exploitation of an RCE flaw in a widely-used open source library is spreading quickly, with China-backed threat actors in the ...
SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...
The Register on MSN

Google Chrome bug exploited as an 0-day - patch now or risk full system compromise

Seventh Chrome 0-day this year Google pushed an emergency patch on Monday for a high-severity Chrome bug that attackers have already found and exploited in the wild.… The vulnerability, tracked as CVE ...
FinanceFeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

Charlie Eriksen, a researcher at Aikido, identified the infected libraries and confirmed each detection manually to minimize ...
Cult of Mac

UPDATED: Is The iPhone’s Push System Vulnerable To Spam, Malware Popups?

UPDATE: This now looks like a Javascript alert buried on a webpage, not a push notification. See below. The iPhone’s Push notification system may be vulnerable to spam and malware popups. CoM reader ...