Vercel 已经出手，在它的全球 Web Application Firewall（WAF）上， 加了一层拦截规则，免费帮所有托管在上面的项目挡一波。他们还拉着 React 官方一起， 把规则分享给其他 WAF / CDN 提供商， 尽可能在外围先砌好一圈墙。 用 React 19 / Next.js 的，别慌，但立刻检查你的项目。

Security researchers warn that hundreds of already compromised Next.js devices are hitting honeypots, while tens of thousands of servers remain vulnerable to the critical React vulnerability. Eduardo ...

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as ...

Homebridge requires Node.js installed on your system to run. You will need to update the Node.js runtime from time to time to enable support for new features ...

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.

Now you can create the home page to start adding content or access the administration panel to manage settings, users, and features: If you click the Create Home Page button, you’ll be asked to select ...