Normal view

Received — 3 February 2026 ⏭ The Register – Security

The Register – Security
Critical React Native Metro dev server bug under attack as researchers scream into the void 3 February 2026 at 20:01

Critical React Native Metro dev server bug under attack as researchers scream into the void

3 February 2026 at 20:01

Too slow react-ion time

Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers.…

The Register – Security
Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor 3 February 2026 at 00:23

Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor

The Register – Security

By: Jessica Lyons

3 February 2026 at 00:23

The group targets telecoms, critical infrastructure - all the usual high-value orgs

Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.…