The Hacker News

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a previously ...
SecurityWeek

Exploitation of React2Shell Surges

An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. An increasing number of threat actors have been attempting to exploit the ...
The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as ...
InfoQ

TanStack Start: A New Meta Framework Powered by React or SolidJS

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
GitHub

Keys not being used in @clerk/react-router middleware

Hey guys, it looks like the publishable & secret key aren't being used in the clerkMiddleware, this is critical for me since I'm not providing application configuration through environment variables ...
Bleeping Computer

DrayTek warns of remote code execution bug in Vigor routers

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...
GitHub

The AuthKit React Router Library rendered sensitive auth data in HTML

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...