CISA warns that attackers are actively exploiting the React2Shell CVE-2025-55182 flaw, urging fast patching across vulnerable systems.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

CISA has accelerated the patching deadline for React2Shell (CVE-2025-55182), a critical vulnerability with a CVSS score of 10.0 affecting React Server Components and frameworks like Next.js. The flaw allows unauthenticated remote code execution through unsafe deserialization. Since disclosure on December 3, 2025, threat actors have conducted widespread exploitation with over 35,000 attempts recorded in a single day, targeting government sites, critical infrastructure, and technology companies. Over 137,000 vulnerable IP addresses remain exposed globally, with attackers deploying cryptocurrency miners, botnet malware, and conducting reconnaissance for supply chain attacks.

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

I love it, this is what the internet was and apparently still is 🙃 😌 ☺️

Another react hack, surprise surprise

This highlights how React and Next.js are now true server-side attack surfaces. Patching React alone isn’t enough the full framework stack and dependencies must be upgraded. WAF rules help temporarily, but fast updates and limiting exposed server components are what actually fix the risk.