Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...
heise online

Next.js 16.2 brings updates for performance, AI agents, and Turbopack

The React framework has over 200 changes for the Turbopack bundler and aims to make the use of AI agents more efficient. The Next.js team at manufacturer Vercel has completed version 16.2 of the React ...
Bleeping Computer

Fake Next.js job interview tests backdoor developer's devices

A coordinated campaign targeting software developers with job-themed lures is using malicious repositories posing as legitimate Next.js projects and technical assessment materials, including ...
InfoWorld

Next.js 16 features explicit caching, AI-powered debugging

Announced October 21, Next.js 16 now is generally available, with installation instructions available at nextjs.org. Highlights include Cache Components, a new set of features designed to make caching ...