Infosecurity Magazine

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, ...
SecurityWeek

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

A critical Ivanti EPM vulnerability could allow unauthenticated attackers to execute arbitrary code remotely with ...
Crypto News

Major JavaScript Library Breach Puts All Crypto Websites at Risk

React vulnerability CVE-2025-55182 exploited by crypto-drainers to execute remote code and steal funds from affected websites ...
American Hospital Association

CISA alerts of critical vulnerability impacting free program used for building user interfaces

A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and ...

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the ...

Ivanti warns of critical Endpoint Manager code execution flaw

American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager ...

Critical React Vulnerability Puts Web Servers At Immediate Risk

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting ...
The Hacker News

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

Research shows a .NET proxy design flaw enables file writes and RCE through attacker-supplied WSDL in multiple products.
The Hacker News

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress reports active attacks abusing Gladinet’s fixed cryptographic keys to forge tickets and gain remote code execution ...

Remote Maintenance ScreenConnect: Critical vulnerability allows code execution

In the remote maintenance software Connectwise ScreenConnect, authenticated attackers can inject malicious code. An update is ...
CSO Online

Gladinet servers file-sharing servers allow remote code execution

Static AES keys are enabling attackers to decrypt access tokens and reach remote code execution, triggering urgent patch ...