CoinDesk

New React bug that can drain all your tokens is impacting 'thousands of' websites

Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and ...
Cybernews

React, Next.js disclose follow-up vulnerabilities, again urge users to patch immediately

React and Next.js are urging developers to immediately patch two additional, follow-up vulnerabilities that were discovered while testing the fix for the React2Shell vulnerability.
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...