The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
CSOonline

Threat actors hijack web traffic after exploiting React2Shell vulnerability

Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes. That’s the ...
SecurityWeek

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week. React2Shell exploitation activity remains strong, with over 1.4 million attempts ...
IEEE

Key Node Identification Based on Hypergraph Threshold Model and PRK-Shell Algorithm

Abstract: The identification of key nodes is vital in the research of many complex networks such as protein networks. Currently, the main research focuses on ordinary graphs that cannot describe ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture ...
Hypebeast

Japan Welcomes the Largest 'Ghost in the Shell' Exhibition in Franchise History

A massive Ghost in the Shell exhibition opens in January 2026 at TOKYO NODE, exploring 37 years of franchise history Visitors can “dive” into digital installations and view 1,600+ original production ...
Hosted on MSN

React2Shell exploitation continues to escalate, posing 'significant risk'

React2Shell (CVE‑2025‑55182) exploited to compromise hundreds of systems worldwide China‑linked groups and North Korea abuse flaw for persistence, espionage, and cryptomining Patch immediately to ...
Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...
Morningstar

PacketWatch 24/7 Cyber Incident Response Team Helps Organizations Recover From React2Shell Exploitations

PHOENIX, Dec. 12, 2025 /PRNewswire/ -- As organizations struggle to understand the impact of the React2Shell vulnerability, PacketWatch threat hunters have published a blog article, "Responding to ...
Dark Reading

React2Shell Exploits Flood the Internet as Attacks Continue

A torrent of proof-of-concept (PoC) exploits for React2Shell has hit the internet following the vulnerability's disclosure last week, and while security researchers say most are fake, ineffective and ...
The Record

Federal agencies now only have one more day to patch React2Shell bug

The amount of time federal agencies have to patch the recent React2Shell vulnerability has decreased significantly. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-55182 — a ...