The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...
InfoWorld

Next.js 16 features explicit caching, AI-powered debugging

Announced October 21, Next.js 16 now is generally available, with installation instructions available at nextjs.org. Highlights include Cache Components, a new set of features designed to make caching ...
Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...