React RCE: CVE-2025-55182 Hits 39% of Cloud Apps
Meta and Vercel disclosed critical CVE-2025-55182 and CVE-2025-66478 on December 3, 2025—both rated CVSS 10.0 (maximum severity). The vulnerabilities allow unauthenticated remote code ...
React 19 Critical RCE: CVSS 10.0 Flaw Affects 39% of Cloud Environments
React 19 and Next.js contain a critical unauthenticated RCE vulnerability rated CVSS 10.0—maximum severity. Wiz ...
Open Source Crisis: 60% Unpaid, $20M Emergency Fund
Open source is collapsing under its own success. 60% of maintainers work unpaid while serving ...
runC Container Breakout: 3 Critical CVEs Hit Docker and Kubernetes
Three critical vulnerabilities in runC—the low-level container runtime powering Docker and Kubernetes—allow attackers to break ...
150K npm Packages Flood Registry for Crypto Rewards
Amazon Inspector caught 150,000+ malicious npm packages exploiting tea.xyz blockchain rewards through token farming - ...
EU Chat Control: “Voluntary” Surveillance Goes Mandatory
EU Chat Control passed Nov 26. Experts warn: "voluntary" scanning coerced by regulation, 48% false positives, mandatory age verification ends anonymity for 450M ...
OpenAI Dumps Mixpanel After API Users Hit by Breach
OpenAI terminated its relationship with analytics vendor Mixpanel today after the company disclosed a security ...
PowerToys 0.96 Brings On-Device AI to Windows Clipboard
Microsoft just shipped something developers have been asking for: AI-powered clipboard tools that don’t phone ...
npm Shai-Hulud 2.0: 25,000+ Repos Compromised in 2 Days
Shai-Hulud 2.0 worm exploited npm preinstall scripts Nov 21-23, compromising 796 packages, 25,000+ repos, exposing ...
Oracle Zero-Day Hits Canon, 100+ Enterprises: CVE-2025-61882
Canon has confirmed a breach via Oracle E-Business Suite zero-day CVE-2025-61882, joining over 100 major ...
