Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...

Plane 1.2.0 rebuilt its frontend stack, migrating from Next.js to React Router and Vite, and fixed critical security ...

SEAL Security researchers warned that a critical React flaw fueled a surge in wallet-draining attacks on crypto websites.

At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking the React2Shell, a maximum-severity flaw in the widely used React JavaScript library, ...

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the ...

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate ...

The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with ...

Security firms have seen cryptocurrency miners, Linux backdoors, botnet malware, and post-exploitation implants in ...

As exploitation activity against CVE-2025-55182, researchers are finding some exploits contain bypasses for Web application firewall (WAF) rules.