React got hacked with David Mytton

Download Subscribe
00:00:00
/
00:37:54
RSS Feed Download (88.5 MB) Link with Timestamp

December 16th, 2025

37 mins 54 secs

Link with Timestamp

Download MP3 (88.5 MB)

Your Host
Tags
security react

About this Episode

In this episode, Noel sits down with David Mytton, founder and CEO of Arcjet, to unpack the React2Shell vulnerability and why it became such a serious remote code execution risk for apps using React server components and Next.js. They explain how server-side features introduced in React 19 changed the attack surface, why cloud providers leaned on WAF mitigation instead of instant patching, and what this incident reveals about modern JavaScript supply chain risk. The conversation also covers dependency sprawl, rushed patches, and why security as a feature needs to start long before production.

Links

X: https://x.com/davidmytton
Blog: https://davidmytton.blog

Resources

Multiple Threat Actors Exploit React2Shell: https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers!

What does LogRocket do?

LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters