Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
OfficeChai

Cloudflare Says It Used AI To Rebuild Next.js In 1 Week For $1,100

AI isn’t just helping out with coding — it’s helping complete entire projects at a pace and price-point that would’ve been unthinkable ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
InfoWorld

The best new features in Next.js 13

Next.js 13 brings a slew of new features, including the new Turbopack bundler, support for React Server Components, and more. Let's get started with Next.js 13. Next.js is like React with benefits, in ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...
Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...
CMS Wire

Next.js Releases Version 10, Live Previews for Drupal Core, & More Open Source News

In this month's Open Source Newsbyte, we've got news featuring Next.js, Drupal, TYPO3, Liferay, and Magnolia CMS. 2020 has been an excellent year for Next.js. The creators have invested heavily in ...