Bleeping Computer

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...
SecurityWeek

Critical React Native Vulnerability Exploited in the Wild

Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. Tracked as CVE-2025-11953 (CVSS score of 9.8) and disclosed in early November, the ...
Krebs on Security

The Kimwolf Botnet is Stalking Your Local Network

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code ...
InfoWorld

Flaw in React Native CLI opens dev servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0. A critical remote-code execution (RCE) flaw ...
The Hacker News

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) ...
Developer Tech

React Native Godot library merges 3D graphics with business apps

A new library, React Native Godot, enables developers to embed the open-source Godot Engine for 3D graphics within a React Native application. Enterprise development teams often have to balance the ...
GitHub

React Native Package Checker

New Arch Supported Package supports New Architecture Click for detailed package info ⅹ New Arch Unsupported Package doesn't support New Architecture Click to see alternatives or migration info ⚠ New ...
InfoQ

Shopify's React Native Journey: an In-Flight Retrospective

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
InfoQ

State of React Native 2024 Survey Highlights

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
GitHub

[Bug] Debugger stops at breakpoints that I didn't set on node_modules libraries, specially in Promises

About this: microsoft/vscode-js-debug#1715, yes i am observing that exact behaviour, i think it is because of the implementation of React Native's Promise polyfill. None of the work arounds have work ...