TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

A critical vulnerability (CVE-2025-11953) in React Native's Metro development server is being actively exploited to deliver malware to Windows and Linux systems. The flaw allows unauthenticated attackers to execute arbitrary commands via OS command injection through an exposed endpoint. Despite proof-of-concept exploits appearing immediately after disclosure in November and active exploitation observed since December, the vulnerability has received minimal public attention. Attacks have used multi-stage PowerShell loaders that disable Microsoft Defender before deploying Rust-based payloads with anti-analysis features. The affected npm package has nearly 2.5 million weekly downloads, making the exposure significant.

Critical React Native Metro dev server bug under attack