Next.js 16.2 brings updates for performance, AI agents, and Turbopack

The React framework has over 200 changes for the Turbopack bundler and aims to make the use of AI agents more efficient.

Attack on Next.js manufacturer Vercel: customer data exfiltrated

Vercel's internal systems and customer data were compromised in a security incident. An external AI tool served as the entry point.
Security Boulevard

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS ...

TL;DR: A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables ...
InfoWorld

Next.js 16 features explicit caching, AI-powered debugging

Vercel’s React framework for building full-stack web applications gets an upgrade in Next.js 16, with more explicit caching and AI-based debugging, among other features. Announced October 21, Next.js ...
Infosecurity-magazine.com

NCSC Urges Users to Patch Next.js Flaw Immediately

The UK’s leading cybersecurity agency has urged users of a popular open source web development framework to patch a critical vulnerability immediately. The National Cyber Security Centre (NCSC) warned ...