Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a […]
Pierluigi Paganini
February 03, 2026
Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a command injection flaw. Unauthenticated attackers can send POST requests to execute arbitrary programs, and on Windows can also run shell commands with fully controlled arguments.
Related breach coverage
- Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers2026-04-22
Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai reports. The flaw allows attackers to inject commands because an attacker-controlled value is copied without […]
- Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution2026-04-07
Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems due to poor validation of user-supplied JavaScript. Attackers are actively exploiting a critical vulnerability in Flowise, tracked as CVE-2025-59528, that allows remote code execution and file system access. The flaw stems from improper validation […]
- Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers2026-01-07
Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The vulnerability is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’), […]
- Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)2026-04-25
Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to upload files to a server without authentication. The vulnerability has already been used in […]