Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
The security issue stems from insecure deserialization. It received a severity score of 10/10 and has been assigned the identifiers CVE-2025-55182 for React and CVE-2025-66478 for Next.js (the latter was rejected in the National Vulnerability Database).
Related breach coverage
- New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea (2025-12-10)
  NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea-linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability, CVE-2025-55182, is a pre-authentication remote code execution issue in React […]
- Critical HPE OneView Vulnerability Exploited in Attacks (2026-01-08)
  The maximum-severity code injection flaw can be exploited without authentication for remote code execution. The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.
- Max severity Ni8mare flaw lets hackers hijack n8n servers (2026-01-07)
  A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the n8n workflow automation platform. [...]
- It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies (2026-03-30)
  A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8), allows attackers to execute code on targeted devices without any user interaction. […]
