Critical vulnerability CVE-2025-55182 found in react and next.js - allows pre-auth code execution on the server. Pretty widespread campaign at the moment targetting any and all websites.

The website above is official advisory - this is a good overview too https://youtu.be/iV48tEiHFDY