Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities

Both platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity.
CSO Online

Flaws in Chainlit AI dev framework expose servers to compromise

Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow ...
The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js released updates fixing a critical DoS flaw caused by async_hooks stack crashes, tracked as CVE-2025-59466, impacting ...

19 WordPress Alternatives: From Simple Builders To Enterprise CMS

Looking for WordPress alternatives that fit your stack? Compare builders, ecommerce platforms, headless CMS, and site ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The targeted security defect, tracked as CVE-2025-55182, impacts systems relying on ...
hodlfm

Hackers Exploit React Flaw to Quietly Drain Crypto Wallets

A newly disclosed vulnerability in React, one of the most widely used JavaScript libraries on the web, is being actively exploited to inject crypto wallet drainers into legitimate websites. According ...
Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...
securityledger.com

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...
The Record

Federal agencies now only have one more day to patch React2Shell bug

The amount of time federal agencies have to patch the recent React2Shell vulnerability has decreased significantly. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-55182 — a ...
aha.org

CISA alerts of critical vulnerability impacting free program used for building user interfaces

A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog.
Dark Reading

Exploitation Activity Ramps Up Against React2Shell

Less than a week after its public disclosure, a maximum severity vulnerability known as React2Shell has been increasingly exploited by opportunistic threat actors. CVE-2025-55182 is a critical remote ...
techworm.net

Critical React Vulnerability Puts Web Servers At Immediate Risk

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting urgent warnings across the tech industry. The bug — dubbed “React2Shell” — ...