The Hacker News

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

First 2026 cyber recap covering IoT exploits, wallet breaches, malicious extensions, phishing, malware, and early AI abuse.
Bleeping Computer

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...
Search Engine Land

Google explains JavaScript execution on non-200 HTTP status codes

Google made another change to the JavaScript SEO documentation help document to explain and clarify JavaScript execution on non-200 HTTP status codes. The change. Google wrote, “All pages with a 200 ...
MarketWatch

Structure Therapeutics details positive trial data for a weight-loss pill, and the stock rockets

Structure Therapeutics’ stock soared toward an 18-month high in early Monday trading, after mid-stage data for its oral daily GLP-1 receptor appeared comparable to that of one of Eli Lilly’s ...
The Hacker News

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team ...
The New York Times

Gianni Infantino accused of breaching FIFA’s ethics codes in relation to President Trump comments

Trump received the FIFA Peace Prize from Infantino last Friday Andrew Harnik / Getty Images An official complaint has been submitted to FIFA’s Ethics Committee, alleging “repeated breaches” of FIFA’s ...
Deadline.com

Hollywood Teamsters Disavow Netflix-WB Merger As “Yet Another Call For Alarm” Over Media Consolidation, Urging U.S. Regulators To “Reject This Deal”

The Hollywood Teamsters‘ boss Lindsay Dougherty joined several other union leaders in raising alarm bells Friday regarding Netflix’s plans to acquire Warner Bros. in an $82 billion deal. Following the ...
Bleeping Computer

Cloudflare blames today's outage on React2Shell mitigations

Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a "500 Internal Server Error" message. The internet infrastructure ...
Infosecurity-magazine.com

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

A critical remote code execution vulnerability in React.js has been identified. React.js is a JavaScript library for building fast, interactive user interfaces (UIs) using reusable components. The ...
Live Science

Giant rotating string of galaxies is 'probably the largest spinning object' in the known universe

A giant rotating filament of the cosmic web may be the largest spinning structure ever seen, and could help reveal how galaxies form. When you purchase through links on our site, we may earn an ...
winbuzzer.com

AI Coding: Anthropic Acquires JS-Runtime Maker Bun As Claude Code Hits $1 Billion Revenue

Moving to own the infrastructure behind its AI agents, Anthropic has acquired Bun, a high-performance JavaScript runtime designed to replace Node.js. The deal, reportedly valued in the low hundreds of ...
Dark Reading

Critical React Flaw Triggers Calls for Immediate Action

A maximum-severity vulnerability in React, a widely used open source software library, could enable remote code execution (RCE) in a massive number of cloud environments, sparking grave concern within ...