In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

React is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the ...

Exploitation of React2Shell started almost immediately after disclosure. AWS reported that at least two known China-linked threat actors, Earth Lamia and Jackpot Panda, have been exploiting it in ...

SEAL Security researchers warned that a critical React flaw fueled a surge in wallet-draining attacks on crypto websites.

React vulnerability CVE-2025-55182 exploited by crypto-drainers to execute remote code and steal funds from affected websites ...

Security firms have seen cryptocurrency miners, Linux backdoors, botnet malware, and post-exploitation implants in ...

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...

Following the critical vulnerability CVE-2025-55182 in React Server Components, researchers have found three new leaks. Two ...

Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks.

React and Next.js are urging developers to immediately patch two additional, follow-up vulnerabilities that were discovered ...

Plane 1.2.0 rebuilt its frontend stack, migrating from Next.js to React Router and Vite, and fixed critical security ...

Yes, Cloudflare has acknowledged that modifications made to its systems to address the serious "React2Shell" vulnerability directly caused a recent ...