The Hacker News

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.
SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
The Register-Herald

WVU men's basketball: Huff says CBC is fitting way to end Mountaineer career

It was Sunday, a perfect day for miracles, the basketball left Braylon Mullins' hands and arced toward the basket from ...
theregister

Meta frees React to live in its own foundation

Meta has turned over control of React, React Native, and associated projects like JSX to the newly formed React Foundation, fulfilling a commitment made last October. Matt Carroll, a developer ...
SecurityWeek

Critical React Native Vulnerability Exploited in the Wild

Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. Tracked as CVE-2025-11953 (CVSS score of 9.8) and disclosed in early November, the ...
bitnewsbot

Spear-phishers hide HTML lures in 27 malicious npm packages.

Attackers abused 27 npm packages to host CDN‑served credential‑harvesting phishing lures—targeting sales and commercial staff at critical‑infrastructure‑adjacent firms with bot/sandbox evasion and 25 ...
Computer Weekly

Cyber teams on alert as React2Shell exploitation spreads

A remote code execution (RCE) vulnerability in the React JavaScript library, which earlier today caused disruption across the internet as Cloudflare pushed mitigations live on its network, is now ...