Security Boulevard

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS Vulnerability

TL;DR: A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables ...

Next.js 16.2 brings updates for performance, AI agents, and Turbopack

The React framework has over 200 changes for the Turbopack bundler and aims to make the use of AI agents more efficient.

Attack on Next.js manufacturer Vercel: customer data exfiltrated

Vercel's internal systems and customer data were compromised in a security incident. An external AI tool served as the entry point.
InfoWorld

Next.js 16 features explicit caching, AI-powered debugging

Vercel’s React framework for building full-stack web applications gets an upgrade in Next.js 16, with more explicit caching and AI-based debugging, among other features. Announced October 21, Next.js ...
InfoWorld

The best new features in Next.js 13

Next.js 13 brings a slew of new features, including the new Turbopack bundler, support for React Server Components, and more. Let's get started with Next.js 13. Next.js is like React with benefits, in ...
Infosecurity-magazine.com

NCSC Urges Users to Patch Next.js Flaw Immediately

The UK’s leading cybersecurity agency has urged users of a popular open source web development framework to patch a critical vulnerability immediately. The National Cyber Security Centre (NCSC) warned ...