The Hacker News

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Researchers detail JS#SMUGGLER, a multi-stage web attack using JavaScript, HTA, and PowerShell to deploy NetSupport RAT on ...

JavaScript turns 30: From 10-day prototype to the backbone of the modern web

Thirty years ago, Netscape and Sun Microsystems introduced JavaScript as a new, cross-platform scripting language for ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A maximum-severity vulnerability affecting the React JavaScript library is under attack by Chinese-nexus actors, further ...
Computer Weekly

Cyber teams on alert as React2Shell exploitation spreads

Exploitation of an RCE flaw in a widely-used open source library is spreading quickly, with China-backed threat actors in the ...

Experts warn this 'worst case scenario' React vulnerability could soon be exploited - so patch now

React is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered ...

It never rains, but it pours: A security bug with a maximum severity rating is putting many of the worlds' servers at risk

It's so bad that it has a maximum severity rating on the CVE database. Fortunately, React's developers created a fix almost ...
Infosecurity Magazine

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, ...

Cloudflare blames today's outage on React2Shell mitigations

Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks.
InfoWorld

All I want for Christmas is a server-side JavaScript framework

Could 2026 be the year of the beautiful back end? We explore the range of options for server-side JavaScript development, ...

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Researchers have uncovered a critical security flaw that could have catastrophic consequences for web and private cloud ...

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.