Next.js… Aftermath? 😓

🚨 A new high-risk zero-day vulnerability (CVE-2025-8110) is being maliciously exploited, affecting the Gogs platform! I have written a detection script that can detect vulnerable instances at scale: Wiz's analysis:

Once again 🤦 cloudflare 🤦

AI is too powerful now; it's difficult to compete with it in terms of actions. In the future, we'll probably have to compete with AI in terms of humanity and the details of human nature. If humans don't become as human as AI in the future, then we might really have no way to survive.

#CVE-2025-55182: RSC RCE — It exists as an in-memory webshell backdoor, providing a more covert foothold. Please verify again on your own terminal.

Below is our preliminary analysis of the critical remote code execution (RCE) vulnerabilities CVE-2025-55182 and CVE-2025-66478 in React and Next.js—these vulnerabilities allow for unauthenticated RCE attacks under default configurations—please fix them as soon as possible:

🤦A group called ShadyPanda infected 4.3 million Chrome and Edge users with Trojans and spyware. They first released a legitimate extension, and after accumulating a large user base, they updated the extension to make it malicious and steal information.

Wow, that's awesome! 😂

AI agent discovers $4.6 million vulnerability in blockchain smart contract

Europol: Germany and Switzerland work together to seize a $1.4 billion cryptocurrency mixer.