Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
The Hacker News

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

Water Saci and RelayNFC drive advanced Brazil-targeted attacks using WhatsApp worm tactics and real-time NFC payment theft.

One of the most popular web app frameworks has a major security flaw

Alas, no, as it turns out that a very popular web app framework, used heavily in servers around the world, has been ...
Que.com on MSN

React and Next.js security risks: Addressing critical vulnerabilities now

In today’s rapidly evolving digital landscape, web developers seek technologies that offer speed, reliability, and flexibility. React and Next.js, two ...

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Researchers have uncovered a critical security flaw that could have catastrophic consequences for web and private cloud ...
SecurityWeek

React2Shell Attacks Linked to North Korean Hackers

Attacks exploiting the recently emerged React vulnerability dubbed React2Shell appear to have been conducted by North Korean ...
The Hacker News

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

This week’s ThreatsDay Bulletin covers USB malware, fake crypto scams, CastleRAT, new cyber laws, and falling ransomware ...