The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native ...
IEEE

Beyond the Upload Button: A 10-Year Retrospective on Security Issues Within File Upload

Abstract: File upload is a convenient feature offered by a plethora of applications and communication services in various interesting application contexts, such as IoT devices, smart home systems, and ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
Hosted on MSN

Republicans and Democrats react to major redactions in latest Epstein files release

Some Republican and Democratic lawmakers are criticizing the Justice Department's latest release of files related to Jeffrey Epstein after more than 500 pages were entirely blacked out, CBS News has ...
Hosted on MSN

Democrats react to expected partial release of Epstein files

New Mexico Democratic Rep. Teresa Leger Fernández joins ABC News Live to discuss Friday’s expected partial release of the Epstein files and Democrats’ push to make the remaining documents public.
IEEE

URadar: Discovering Unrestricted File Upload Vulnerabilities via Adaptive Dynamic Testing

Abstract: Unrestricted file upload (UFU) vulnerabilities, especially unrestricted executable file upload (UEFU) vulnerabilities, pose severe security risks to web servers. For instance, attackers can ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A critical vulnerability affecting the popular open source JavaScript library React is under attack — by none other by Chinese nation-state threat actors. CVE-2025-55182, which was disclosed Wednesday ...
Search Engine Roundtable

Google Search Bar Adds Upload Image/File That Goes To AI Mode

Google is pushing even more ways directly into AI Mode from the main Google home page's search bar. Now when you select to upload an image or file, it will take you into AI Mode by default. This is ...
fox61

Connecticut lawmakers react as US House, Senate pass bill to release Epstein files

CONNECTICUT, USA — Connecticut lawmakers in the U.S. House and Senate helped pass a bill Tuesday for the Justice Department to release unclassified files relating to the Jeffrey Epstein investigation.
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...