CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.
theregister

China, Iran are having a field day with React2Shell, Google warns

At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the widely used React JavaScript library, ...

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability.
financefeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers have exploited a flaw in the React JavaScript library to inject code that drains crypto wallets onto websites, primarily on cryptocurrency platforms. The React team released a patch on ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A critical vulnerability affecting the popular open source JavaScript library React is under attack — by none other by Chinese nation-state threat actors. CVE-2025-55182, which was disclosed Wednesday ...
GitHub

Ember Media Library Download

Ember provides comprehensive media library management that transforms disorganized collections of movies, TV shows, and music into beautifully curated digital libraries. This sophisticated application ...