Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was