Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro development server to deploy sophisticated malware targeting software developers worldwide. The vulnerability, tracked as CVE-2025-11953 and nicknamed “Metro4Shell,” allows unauthenticated attackers to execute arbitrary operating system commands on developer machines by sending specially crafted HTTP requests. Security researchers at JFrog […] The post Hackers Actively Exploit React Native Metro Server Flaw to Target Developers in the Wild appeared first on Cyber Security News.