A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later.

Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Attackers initially exploited ...

The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture ...

Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. Tracked as CVE ...

React2Shell (CVE‑2025‑55182) exploited to compromise hundreds of systems worldwide China‑linked groups and North Korea abuse flaw for persistence, espionage, and cryptomining Patch immediately to ...

In a blog post, the React developers explain that the previously released patches are vulnerable. “If you have already applied the updates for the critical vulnerability last week, you need to update ...

In a reversal, the agency plans to calculate only the cost to industry when setting pollution limits, and not the monetary value of saving human lives, documents show. By Maxine Joselow The ...

Who hasn't exploited this max-severity flaw? At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the ...