Inside Vercel\u2019s sleep-deprived race to contain React2Shell | CyberScoop<\/title> <meta name=\"description\" content=\"Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate about open-source security coordination.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/vercel-cto-security-react2shell-vulnerability\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Inside Vercel\u2019s sleep-deprived race to contain React2Shell\"> <meta property=\"og:description\" content=\"Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate about open-source security coordination.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/vercel-cto-security-react2shell-vulnerability\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-01-08T23:01:22+00:00\"> <meta property=\"article:modified_time\" content=\"2026-01-08T23:01:25+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg\"> <meta property=\"og:image:width\" content=\"6000\"> <meta property=\"og:image:height\" content=\"4000\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1767719924g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87351\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87351\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvercel-cto-security-react2shell-vulnerability%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvercel-cto-security-react2shell-vulnerability%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87351 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/vercel-cto-security-react2shell-vulnerability\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"27.492723492723\">\n<div class=\"single-article__header-content\" readability=\"38.540772532189\">\n<p> Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate about open-source security coordination. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87351\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg 6000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"44.607311056291\"><body readability=\"91.584223918575\"><\/p>\n<p>Talha Tariq and his colleagues at Vercel, the company that maintains Next.js, endured many sleep-deprived nights and weekends when <a href=\"https:\/\/cyberscoop.com\/react2shell-vulnerability-fallout-spreads\/\">React2Shell<\/a> was discovered and <a href=\"https:\/\/cyberscoop.com\/react-server-vulnerability-critical-severity-security-update\/\">disclosed<\/a> soon after Thanksgiving. The defect, which affects vast stretches of the internet\u2019s underlying infrastructure, posed a significant risk for Next.js, an open-source library that depends on vulnerable React Server Components.<\/p>\n<p>He quickly realized he had a major problem to confront with <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-55182\">CVE-2025-55182<\/a>, a maximum-severity vulnerability affecting multiple React frameworks and bundlers that allows unauthenticated attackers to achieve remote code execution in default configurations. <\/p>\n<p>\u201cIt\u2019s literally the very first layer that everybody on the internet interacts with, so from a risk perspective and exposure perspective it\u2019s basically as bad as it could be,\u201d Tariq, the company\u2019s CTO, told CyberScoop.<\/p>\n<p>Tariq and his team initiated and coordinated a massive response effort with major cloud providers, the open source community and technology vendors hours after a developer reported the defect to Meta, which initially created and maintained React before moving the open-source library to the React Foundation in October.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The React team publicly disclosed the flaw with a patch four days later, after Vercel and many other impacted providers implemented platform-level mitigations to minimize damages.<\/p>\n<p>Vercel\u2019s deep integration with and understanding of React meant it had an outsized responsibility to investigate and share its findings across the industry. Doing so would help validate the patch\u2019s effectiveness and ensure downstream customers understood the potential risk once the vulnerability was disclosed, Tariq said. <\/p>\n<p>\u201cNobody slept through the weekend, nobody slept through the night,\u201d he said, adding that it was a 24\/7 response for Vercel for a minimum of two weeks \u2014 extending beyond the vulnerability disclosure into a cat-and-mouse game with attackers seeking to exploit the defect or bypass the patch.<\/p>\n<p>Cybercriminals, ransomware gangs and nation-state threat groups were all taking <a href=\"https:\/\/cyberscoop.com\/attackers-exploit-react-server-vulnerability\/\">swift measures to exploit the vulnerability<\/a>. <\/p>\n<p>Palo Alto Networks\u2019 Unit 42 confirmed more than 60 organizations were directly impacted by attacks involving exploitation of the defect by mid-December. Valid public exploits also hit an all-time high, nearing 200 by that time, according to VulnCheck.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Malicious activity targeting React2Shell remains at a \u201c<a href=\"https:\/\/www.greynoise.io\/blog\/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far\">sustained, elevated pace<\/a>,\u201d cybersecurity firm GreyNoise said in a Wednesday update. The company\u2019s sensors have observed more than 8.1 million attempted attacks since the defect was disclosed, with daily volumes now ranging between 300,000 and 400,000 after peaking in the final weeks of December.<\/p>\n<p>Vercel also responded to React2Shell with a quickly arranged HackerOne bounty program offering $50,000 for each verified technique that bypassed its web application firewall. More than 116 researchers participated, and Vercel ultimately paid out $1 million for 20 unique bypass techniques. <\/p>\n<p>The company said this work allowed it to block more than 6 million exploit attempts targeting environments running vulnerable versions of Next.js. Tariq said it was the \u201cbest million dollars spent,\u201d considering the potential impact and exposure it contained.<\/p>\n<p>Tariq doesn\u2019t look back on the initial response toReact2Shell with regret. Instead, he sees it as motivation to address a persistent challenge rooted in coordination.<\/p>\n<p>The burden to promptly address security issues with the broader community often falls on individuals like Tariq who relied on personal relationships to coordinate an industry-wide response. This involved direct contact and communication with security leaders at Google, Microsoft, Amazon and others, he said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe have to do better as an industry and figure out a more sustaining way to do this,\u201d Tariq said.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.4261363636364\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/inside-vercels-sleep-deprived-race-to-contain-react2shell-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/vercel-cto-security-react2shell-vulnerability\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Inside Vercel\u2019s sleep-deprived race to contain React2Shell | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,4357,3117,1702,3963,3288,5684,1515,310,288,183,5745,4136,2281,2759],"tags":[86,4359,3118,1706,3964,3290,5685,1521,311,294,207,5746,4140,2283,2760],"class_list":["post-8243","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-greynoise","category-hackerone","category-meta","category-next-js","category-open-source-software","category-react2shell","category-response","category-technology","category-threats","category-unit-42","category-vercel","category-vulncheck","category-vulnerability","category-vulnerability-reporting","tag-cybersecurity","tag-greynoise","tag-hackerone","tag-meta","tag-next-js","tag-open-source-software","tag-react2shell","tag-response","tag-technology","tag-threats","tag-unit-42","tag-vercel","tag-vulncheck","tag-vulnerability","tag-vulnerability-reporting"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/greynoise\/\" rel=\"category tag\">greynoise<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hackerone\/\" rel=\"category tag\">HackerOne<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/meta\/\" rel=\"category tag\">Meta<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/next-js\/\" rel=\"category tag\">Next.js<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source-software\/\" rel=\"category tag\">open source software<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/react2shell\/\" rel=\"category tag\">React2Shell<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/response\/\" rel=\"category tag\">Response<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unit-42\/\" rel=\"category tag\">Unit 42<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vercel\/\" rel=\"category tag\">Vercel<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-reporting\/\" rel=\"category tag\">vulnerability reporting<\/a>","tag_info":"vulnerability reporting","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8243"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8243\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8243,"date":"2026-01-08T17:01:22","date_gmt":"2026-01-08T23:01:22","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87351"},"modified":"2026-01-08T17:01:22","modified_gmt":"2026-01-08T23:01:22","slug":"inside-vercels-sleep-deprived-race-to-contain-react2shell","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/08\/inside-vercels-sleep-deprived-race-to-contain-react2shell\/","title":{"rendered":"Inside Vercel\u2019s sleep-deprived race to contain React2Shell"},"content":{"rendered":"