Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Register on MSN

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.
SecurityWeek

Critical React Native Vulnerability Exploited in the Wild

Threat actors are exploiting the Metro4Shell React Native vulnerability to deploy malware on Linux and Windows systems.

"Open source Windows" ReactOS is now 30 years old"Open source Windows" ReactOS is now 30 years old0 0

ReactOS, which many refer to as the "open source version of Windows" has reached its 30th birthday. Development on the free ...
Los Angeles Times

Native people refuse to be erased from America’s past, present or future

This is read by an automated voice. Please report any issues or inconsistencies here. President Trump seems determined to transform America into a straight white Christian nation. He filters our ...
Smithsonian Magazine

How Native Americans Are Celebrating the Holiday Season With Festive Meals, Public Service and Cherished Traditions

The winter holidays and especially Christmas have different meanings to tribes and Native individuals across Indian Country as they commune with friends and family Dennis Zotigh Beckham Barehand (Dine ...
CBS News

Dozens of Native Americans report being questioned or detained by ICE

As President Donald Trump's immigration crackdown continues, one community says they've felt unfairly targeted. This year, the Navajo Nation said dozens of Native Americans have been questioned or ...
Bleeping Computer

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already ...
TechSpot

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Facepalm: A widely used web technology is affected by a serious security vulnerability that can be exploited with minimal effort to compromise servers. Known as "React2Shell," the flaw may require ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...