Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.

A self-hosted AI assistant that lives in your chat app, Clawdbot promises to do real work, but only if you’re willing to trust it with real access.