Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

About the art that shines with “Lemon Tang”

Madison Square Garden is crowded with Swifties ahead of Swift and Kelce’s wedding

Charities respond to wedding gifts

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » Hackers exploit Metro4Shell RCE flaw in React Native CLI npm package
Celebrities

Hackers exploit Metro4Shell RCE flaw in React Native CLI npm package

By February 3, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

Ravi LakshmananFebruary 3, 2026Open source/vulnerabilities

Threat actors have been observed exploiting a critical security flaw affecting Metro Development Server in the popular “@react-native-community/cli” npm package.

Cybersecurity company VulnCheck announced on December 21, 2025 that it observed the first exploit of CVE-2025-11953 (also known as Metro4Shell). With a CVSS score of 9.8, this vulnerability allows an unauthenticated, remote attacker to execute arbitrary operating system commands on the underlying host. Details of the flaw were first documented by JFrog in November 2025.

Even though more than a month has passed since the first exploit in the wild, “this activity remains largely unknown to the public,” the report added.

In attacks detected against honeypot networks, attackers are armed with this flaw to distribute a Base64-encoded PowerShell script that, when parsed, is configured to perform a series of actions, including Microsoft Defender Antivirus exclusions for the current working directory and temporary folder (‘C:\Users\\AppData\Local\Temp’).

The PowerShell script also establishes a raw TCP connection to an attacker-controlled host and port (‘8.218.43′[.]248:60124″), sends a request to retrieve the data, writes it to a file in a temporary directory, and executes it. The downloaded binary is based on Rust and features anti-parse checks that prevent static inspection.

The attack was found to originate from the following IP addresses:

5.109.182[.]231 223.6.249[.]141 134.209.69[.]155

VulnCheck said the activity was neither experimental nor exploratory, and the payloads delivered were “consistent over several weeks of exploitation, indicating operational use rather than vulnerability research or proof-of-concept testing.”

“CVE-2025-11953 is noteworthy not because it exists; it is noteworthy because it reinforces a pattern that defenders keep relearning. Development infrastructure becomes production infrastructure the moment it arrives, regardless of intent.”


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous Article‘System in flux’: Scientists reveal what happened when wolves and cougars returned to Yellowstone
Next Article Learn what to build, buy, and automate

Related Posts

Beautiful moments like Taylor Swift’s bridal

July 2, 2026

See Taylor Swift’s best announcement looks before the wedding rumors

July 2, 2026

Kate Middleton wears Gabriella Hearst suit for Wimbledon 2026

July 2, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

About the art that shines with “Lemon Tang”

Madison Square Garden is crowded with Swifties ahead of Swift and Kelce’s wedding

Charities respond to wedding gifts

The Invite review: A wickedly funny but flawed marriage comedy

Trending Posts

About the art that shines with “Lemon Tang”

July 3, 2026

Charities respond to wedding gifts

July 2, 2026

Pretty Lights announce first album since 2013

July 2, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.