Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
CoinDesk

New React bug that can drain all your tokens is impacting 'thousands of' websites

Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
InfoWorld

Intro to Hotwire: HTML over the wire

This concept isn’t new—in fact, it is the essence of representational state transfer (REST). Instead of converting to a ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
GitHub

React Native for Windows

See the official React Native website for an introduction to React Native. React Native is a framework developed by Meta that enables you to build world-class application experiences on native ...
GitHub

The JavaScript bundler for React Native.

Metro is included with React Native — see the React Native docs to quickly get started ⏱️. To add Metro to an existing project, see our Getting Started guide. Metro was previously part of the ...