Criminal IP Reveals Global React2Shell RCE Exposure Across React Server Components

In December 2025, the critical React Server Components (RSC) vulnerability known as React2Shell (CVE-2025-55182) was publicly ...

Critical React Vulnerability Puts Web Servers At Immediate Risk

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting ...
SecurityWeek

Exploitation of React2Shell Surges

Exploitation of React2Shell started almost immediately after disclosure. AWS reported that at least two known China-linked ...
The Hacker News

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

CISA warns that attackers are actively exploiting the React2Shell CVE-2025-55182 flaw, urging fast patching across vulnerable ...

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence ...
SecurityWeek

React2Shell Attacks Linked to North Korean Hackers

Attacks exploiting the recently emerged React vulnerability dubbed React2Shell appear to have been conducted by North Korean ...
DataBreachToday

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of ...
NextBigFuture

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...

The antidote to the JavaScript industrial complex: How XMLUI puts the business developer back in control

The requirements for front-end development have included expertise in React, CSS, and other disciplines, forcing ...
The Hacker News

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

North Korea-linked attackers exploit CVE-2025-55182 to deploy EtherRAT, a smart-contract-based RAT with multi-stage ...

Americans react to national parks ditching free entry on Juneteenth, MLK Day

Americans will no longer get free admission to the country's national parks in observance of MLK Jr. Day and Juneteenth, but ...
Security Boulevard

Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell

RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations.