The Hacker News

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

First 2026 cyber recap covering IoT exploits, wallet breaches, malicious extensions, phishing, malware, and early AI abuse.
Larry Brown Sports

Fans react to Ravens kicker’s massive choke job vs. Steelers

Baltimore Ravens fans are never going to forgive kicker Tyler Loop for letting the team down to end their 2025 season. Loop had a chance to send the Ravens to the playoffs with one kick to close out ...
WKRN-TV

Expert, leaders react to The Boring Company’s Music City Loop environmental impact assessment

NASHVILLE, Tenn. (WKRN) — On Tuesday night, Metro Council weighs a measure that would formally oppose the Music City Loop. On Monday, The Boring Company — owned by Elon Musk — released what said is a ...
heise online

React2Shell patch insufficient, attacks widen

In a blog post, the React developers explain that the previously released patches are vulnerable. “If you have already applied the updates for the critical vulnerability last week, you need to update ...
The Age

Fly-in, fly-out Suburban Rail Loop boss to leave $900,000 job

Add articles to your saved list and come back to them anytime. The man in charge of Melbourne’s most expensive infrastructure project is set to leave his $900,000-a-year job just a month after The Age ...
The Hacker News

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a previously ...
Network World

Cloudflare firewall reacts badly to React exploit mitigation

Cloudflare’s network suffered a brief but widespread outage Friday, after an update to its Web Application Firewall to mitigate a vulnerability in React Server Components went wrong. At 9:09 a.m. UTC, ...
TechSpot

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Facepalm: A widely used web technology is affected by a serious security vulnerability that can be exploited with minimal effort to compromise servers. Known as "React2Shell," the flaw may require ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
heise online

Patch Now! Critical Malware Vulnerability Threatens React

Software developers working with React should immediately update the JavaScript programming library to the latest version for security reasons. If this is not done, attackers can exploit a ...
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...