Yahoo Finance

Criminal IP Reveals Global React2Shell RCE Exposure Across React Server Components

TORRANCE, Calif., Dec. 12, 2025 (GLOBE NEWSWIRE) -- In December 2025, the critical React Server Components (RSC) vulnerability known as React2Shell (CVE-2025-55182) was publicly disclosed, revealing a ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Attackers initially exploited ...
heise online

React2Shell patch insufficient, attacks widen

In a blog post, the React developers explain that the previously released patches are vulnerable. “If you have already applied the updates for the critical vulnerability last week, you need to update ...
Hosted on MSN

React2Shell RCE flaw exploited by Chinese hackers hours after disclosure

Critical React2Shell flaw now exploited in the wild by China-linked groups AWS reports global targeting of finance, logistics, retail, IT, universities, and governments for persistence and espionage ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture ...
Hosted on MSN

React2Shell exploitation continues to escalate, posing 'significant risk'

React2Shell (CVE‑2025‑55182) exploited to compromise hundreds of systems worldwide China‑linked groups and North Korea abuse flaw for persistence, espionage, and cryptomining Patch immediately to ...