Critical React2Shell flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking ...
CoinJournal

Shai Hulud malware hits NPM as crypto libraries face a growing security crisis

Shai Hulud malware has infected hundreds of NPM libraries, including major ENS and crypto packages, triggering a JavaScript ...