React and Next.js are urging developers to immediately patch two additional, follow-up vulnerabilities that were discovered ...

Plane 1.2.0 rebuilt its frontend stack, migrating from Next.js to React Router and Vite, and fixed critical security ...

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...

CISA warns that attackers are actively exploiting the React2Shell CVE-2025-55182 flaw, urging fast patching across vulnerable ...

The attack chain centres on a flaw dubbed React2Shell, tracked as CVE-2025-55182, which affects certain configurations of ...

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting ...

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing ...

The Indiana Senate killed the GOP redistricting bill as President Donald Trump and leaders react with both sharp criticism ...

As they work to fend off the rapidly expanding number of attempts by threat actors to exploit the dangerous React2Shell vulnerability, security teams are learning of two new flaws in React Server ...

过去一周，React2Shell 漏洞的余威仍在：服务器被劫持挖矿、云厂商紧急封禁、甚至引发 ；为了把风险压下去，Vercel 甚至在一个周末就付出了 75 万美元的漏洞赏金与应急处置成本。一次前端框架的漏洞，直接打穿了整个技术栈。React 官方连续发布紧急通告，反复强调“请立即升级”，短时间内已经是第二次大规模补丁更新。

Security researchers warn that hundreds of compromised Next.js devices are attacking others, and tens of thousands of servers ...

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence ...