The Hacker News

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited ...
Cybernews

React, Next.js disclose follow-up vulnerabilities, again urge users to patch immediately

React and Next.js are urging developers to immediately patch two additional, follow-up vulnerabilities that were discovered ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
The Register on MSN

New React vulns leak secrets, invite DoS attacks

And the earlier React2Shell patch is vulnerable If you're running React Server Components, you just can't catch a break. In ...
The Register on MSN

Half of exposed React servers remain unpatched amid active exploitation

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing ...

Hackers are exploiting a JavaScript library to plant crypto drainers

Hackers are exploiting a vulnerability in React to inject wallet-draining malware into cryptocurrency websites.

Patch Now! Critical Malware Vulnerability Threatens React

The JavaScript programming library React and certain apps created with it are vulnerable. Security updates are available for download.
Cybernews

React vulnerability hits crypto websites with drainers

As reported by Cybernews, the React vulnerability, which enables external attackers to run privileged, arbitrary code on ...
Security Boulevard

React Fixes Two New RSC Flaws as Security Teams Deal with React2Shell

As they work to fend off the rapidly expanding number of attempts by threat actors to exploit the dangerous React2Shell vulnerability, security teams are learning of two new flaws in React Server ...