IT之家 12 月 4 日消息，热门 JavaScript 框架 React 昨日发布官方公告，React Server Components 中存在一个未经身份验证的远程代码执行漏洞，建议开发者立即升级修补漏洞。 11 月 29 日，Lachlan Davidson 报告了 React 中的一个安全漏洞，该漏洞允许通过利用 React 解码发送到 ...

来自Wiz、Palo Alto Networks旗下Unit 42、Google ...

While the critical-severity flaw in a popular open-source library has seen exploitation, the ‘vast majority’ of organizations will not be vulnerable, according to well-known researcher Kevin Beaumont.

TORRANCE, Calif., Dec. 12, 2025 (GLOBE NEWSWIRE) -- In December 2025, the critical React Server Components (RSC) vulnerability known as React2Shell (CVE-2025-55182) was publicly disclosed, revealing a ...

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

The operators behind the highly adaptable RondoDox botnet campaign that kicked off in late March have proven to be ready to embrace the latest attack trends. Most recently, in December they began ...

React used to be simple, fun, and mostly predictable. Somewhere along the way, it grew server components, suspense, and a ...