SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the ...
Infosecurity Magazine

New BeaverTail Malware Variant Linked to Lazarus Group

A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders ...
FinanceFeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers exploit a critical React JavaScript vulnerability, CVE-2025-55182, to deploy crypto wallet drainers on legitimate websites ...
The Hacker News

Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

A fake NuGet package mimicking Tracer.Fody stayed online for years, stealing Stratis wallet files and passwords from Windows ...

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...
Crypto News

Major JavaScript Library Breach Puts All Crypto Websites at Risk

React vulnerability CVE-2025-55182 exploited by crypto-drainers to execute remote code and steal funds from affected websites ...

Hackers are exploiting a JavaScript library to plant crypto drainers

Hackers are exploiting a vulnerability in React to inject wallet-draining malware into cryptocurrency websites.
Nextgov

Sen. Cotton urges top White House cyber official to protect open-source software

A letter from the chairman of the Senate Intelligence Committee cites previous Nextgov/FCW reporting about a potential ...

DeepSeek just flipped the AI script in favor of open-source—and the irony for OpenAI and Anthropic is brutal

DeepSeek, the Chinese AI startup, shocked the world after unveiling an AI model last week that rivals leading models like ...