Two new RSC protocol vulnerabilities uncovered
Note: Some patched versions are still being released to npm. If a version listed below is not yet available, please check back shortly. Two additional vulnerabilities have been identified in the React Server Components (RSC) protocol. These issues were discovered while security researchers examined the patches for React2Shell. Importantly, neither of these new issues allow […]
React2Shell and related RSC vulnerabilities threat brief
On December 3, 2025, immediately following the public disclosure of the critical, maximum-severity React2Shell vulnerability (CVE-2025-55182), the Cloudforce One Threat Intelligence team began monitoring for early signs of exploitation. Within hours, we observed scanning and active exploitation attempts, including traffic originating from infrastructure associated with Asian-nexus threat groups. Early activity indicates that threat actors quickly […]
Show HN: Autofix Bot – Hybrid static analysis and AI code review agent
Hi there, HN! We’re Jai and Sanket from DeepSource (YC W20), and today we’re launching Autofix Bot, a hybrid static analysis + AI agent purpose-built for in-the-loop use with AI coding agents. AI coding agents have made code generation nearly free, and they’ve shifted the bottleneck to code review. Static-only analysis with a fixed set […]
Almond (YC X25) Is Hiring SWEs and MechEs
Our mission is to free humans from physical labor with robotics. We imagine a future where robots handle the essential, repetitive work and humans are free to create, connect, and pursue what truly matters to them. To build that future we’re starting from the ground up with hardware. Our first product is a California-designed and […]
Denial of service and source code exposure in React Server Components
December 11, 2025 by The React Team Security researchers have found and disclosed two additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability. These new vulnerabilities do not allow for Remote Code Execution. The patch for React2Shell remains effective at mitigating the Remote Code Execution exploit. The […]
UK House of Lords attempting to ban use of VPNs by anyone under 16
This is deranged, each nation’s boomers and reactionaries attempting to outdo the others: “Action to prohibit the provision of VPN services to children in the United Kingdom” … the provider of any Relevant VPN Service which is, or is likely to be — (i) offered or marketed to persons in the United Kingdom; (ii) provided […]
What is the nicest thing a stranger has ever done for you?
What Is the Nicest Thing A Stranger Has Ever Done for You? | Living Out Loud 10 Dec, 2025 So there I was, pedaling my bicycle as fast as I could down a long, straight stretch of road, feeling great. I’d just discovered the pleasures of riding a road bike, and I loved every minute […]
An SVG is all you need
SVGs are pretty cool – vector graphics in a simple XML format. They are supported on just about every device and platform, are crisp on every display, and can have embedded scripts in to make them interactive. They’re way more capable than many people realise, and I think we can capitalise on some of that […]
We built a resource hub to fight back against age verification
Age verification laws are proliferating fast across the United States and around the world, creating a dangerous and confusing tangle of rules about what we’re all allowed to see and do online. Though these mandates claim to protect children, in practice they create harmful censorship and surveillance regimes that put everyone—adults and young people alike—at risk. […]
Going Through Snowden Documents, Part 1
We are building a comprehensive archive and analysis project examining published documents leaked by Edward Snowden. Our methodology involves systematically reviewing each available document with particular attention to small details and information that has received little or no public attention since the initial 2013 disclosures. Throughout this process, we will publish posts highlighting interesting previously […]