Hackers use critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux.

Notepad++ updates got hijacked for months and could have spied for China

The developer did not specify when they became aware of the attack, but said that “all attacker access was definitively ...
The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in ...
The Hacker News

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked ...