Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote ...
Yahoo Finance

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology officer, Charles Guillemet, who advised users without hardware wallets to ...
ZDNet

Google's warning: Time's up for JavaScript dialogs that trap you with 'Sure you want to leave?' pop-ups

Why browsers still allow pop-up dialogs, which are favored by scammers, is a mystery that baffles techies. As one user on HackerNews recently complained: "There are still malware and advertising sites ...

Google patches worrying Chrome zero-day flaw being exploited in the wild - here's how to stay safe

The vulnerability is now tracked as CVE-2025-13223 and has a severity score of 8.8/10 (high). "Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially ...