InfoQ

React Advanced 2025: Type Safe URL State Management Takes Center Stage with Nuqs

Nuqs, a cutting-edge open-source URL state manager for React, revolutionizes application development with its type-safe ...

Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks

The Chinese are not the only ones exploiting React2Shell, a maximum-severity vulnerability that was recently discovered in ...

The antidote to the JavaScript industrial complex: How XMLUI puts the business developer back in control

The requirements for front-end development have included expertise in React, CSS, and other disciplines, forcing ...

React2Shell RCE flaw exploited by Chinese hackers hours after disclosure

Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server ...
The Hacker News

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting ...

Experts warn this 'worst case scenario' React vulnerability could soon be exploited - so patch now

React is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the ...
Hackaday

This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you ...
GovInfoSecurity

Breach Roundup: React Flaw Incites Supply Chain Risk

This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more ...
SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...