Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
CoinDesk

New React bug that can drain all your tokens is impacting 'thousands of' websites

A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users ...
Bleeping Computer

Critical React2Shell flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. React2Shell is an ...
TechSpot

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Facepalm: A widely used web technology is affected by a serious security vulnerability that can be exploited with minimal effort to compromise servers. Known as "React2Shell," the flaw may require ...
InfoWorld

Why JavaScript’s still on top in 2025

Welcome to a new year of programming and the brand new monthly list of JavaScript stories just for developers! Among the highlights so far: Svelte and SvelteKit have seen a slew of incremental ...
InfoWorld

JavaScript tools and frameworks we’re watching now

The rapid evolution in JavaScript tools and frameworks moves at a breakneck speed. Here's our monthly roundup of news, tutorials, and updates to help you keep up. JavaScript is moving in two ...