The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Analytics Insight

5 Best JS Chart Libraries for Data Visualization in 2026

Free public DNS servers can improve browsing speed, strengthen privacy, and add security features that go beyond the default ...
The Register-Herald

Wrestling matches provide an action-packed story time at US libraries, in photos

Lucha Libro,” a high-energy, action-packed story time is bringing live wrestling matches to libraries across the U.S. to ...
SiliconANGLE

Developer tooling startup Expo nabs $45M investment

Expo, the developer of a popular open-source tool for building cross-platform applications, today announced that it has raised $45 million in funding. Developers often implement web application ...
techtimes

How React Native Mobile Transforms iOS and Android App Development with Expo CLI and React Native CLI

Learn how React Native Mobile simplifies iOS and Android app creation using the versatile mobile app framework with Expo CLI and React Native CLI for cross-platform development. React Native - ...
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
theregister

React survey shows TanStack gains, doubts over server components

Devographics has published its State of React survey, with over 3,700 developers speaking out about what they love and hate in the fractured React ecosystem. React, originally sponsored by Meta, is a ...
TechRadar

Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks

React2Shell (CVE-2025-55182) critical flaw exploited by Chinese and North Korean groups North Korea deploys EtherRAT implant with Ethereum C2, Linux persistence, and Node.js runtime Researchers urge ...
Infosecurity-magazine.com

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

A critical remote code execution vulnerability in React.js has been identified. React.js is a JavaScript library for building fast, interactive user interfaces (UIs) using reusable components. The ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A critical vulnerability affecting the popular open source JavaScript library React is under attack — by none other by Chinese nation-state threat actors. CVE-2025-55182, which was disclosed Wednesday ...
TechRadar

Experts warn this 'worst case scenario' React vulnerability could soon be exploited - so patch now

Critical React flaw (CVE-2025-55182) enables pre-auth RCE in React Server Components Affects versions 19.0–19.2.0 and frameworks like Next, React Router, Vite; patches released in 19.0.1, 19.1.2, 19.2 ...
TechSpot

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Facepalm: A widely used web technology is affected by a serious security vulnerability that can be exploited with minimal effort to compromise servers. Known as "React2Shell," the flaw may require ...