Red.

VoidZero is joining Cloudflare. Our mission stays the same: to make JavaScript developers more productive than ever before. Vite, Vitest, Rolldown, Oxc, and Vite+ remain MIT-licensed. Evan and the VoidZero team will continue leading them. Cloudflare shares our commitment to open source. Together, we can keep investing in the tooling developers rely on every day, while bringing the Vite ecosystem and Cloudflare’s platform even closer together.

✈️ Royal Air Maroc a annoncé la suspension provisoire de plusieurs lignes internationales, dans un contexte marqué par la forte hausse des prix du kérosène liée aux tensions géopolitiques au Moyen-Orient. ➡️ Plusieurs dessertes au départ de Casablanca, Tanger et Marrakech sont concernées, notamment vers l’Afrique centrale et certaines villes européennes. La compagnie assure mettre en place des mesures d’accompagnement pour les passagers impactés. Les lignes concernées: * Casablanca – Bangui * Casablanca – Brazzaville * Casablanca – Kinshasa * Casablanca – Douala * Casablanca – Yaoundé * Casablanca – Libreville * Tanger – Malaga * Tanger – Barcelone * Marrakech – Lyon * Marrakech – Bordeaux * Marrakech – Marseille * Marrakech – Bruxelles 🔗: https://t.co/BDbODQR1EA

🚨 How the TanStack npm attack actually happened: 1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo. 2. GitHub automatically ran CI tests on that PR. 3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run. 4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays. 5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.

We just cut the SDK 56 beta 😅 ◆ 50%+ faster iOS builds (precompiled XCFrameworks) ◆ 40% faster cold starts on Android ◆ Expo UI is stable ◆ iOS widgets are stable ◆ expo-router rebuilt from scratch ◆ Inline native modules ◆ Brownfield multi-app support The obvious themes are speed and stability. But there are a lot of other interesting changes (like Expo Router decoupling itself form React Navigation). Get all the nuance and detail in the changelog below ↓

TODAY: Amazon is opening its entire logistics network—freight, distribution, fulfillment, and parcel shipping capabilities—to every business, of all types and sizes. 📦 Amazon has built one of the most reliable and efficient supply chains on Earth. Now, Amazon Supply Chain Services gives all businesses access to the same infrastructure that moves, stores, and ships goods for hundreds of thousands of Amazon sellers. Healthcare, automotive, manufacturing, retail, and more. Businesses across industries can now tap into Amazon's logistics network. Learn more here. ⬇️

‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and itworks on basically every major Linux distro shipped since 2017. Website: https://t.co/f5G6KnEv35 Write-up: https://t.co/W86Pz2PC6C GitHub: https://t.co/zAMTC6nTRk It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su. Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise. Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.

🚨 BREAKING: cPanel and WHM, the control panels behind an estimated 70+ million websites, have a critical security flaw that lets anyone become root admin without a password. CVE-2026-41940 affects every supported version. It’s already being exploited in the wild. watchTowr Labs published the full attack today, after the hosting company KnownHost confirmed the bug was already being used to break into a significant chunk of the internet. If you've never heard of cPanel: it's the dashboard that hosting providers and millions of website owners use to manage their servers, domains, email accounts, databases, and SSL certificates. WHM is the admin version that controls the entire server. If someone gets root access to WHM, they get the keys to the kingdom and to every apartment inside it. How the attack works, in plain English: 🔴 Step 1: The attacker sends a deliberately wrong login. cPanel still creates a temporary "you tried to log in" record on disk and gives the attacker a cookie tied to it. 🔴 Step 2: The attacker tweaks the cookie to disable cPanel's password encryption. Normally cPanel encrypts the password field on disk. With one small change to the cookie, cPanel just stores it as plain text instead. 🔴 Step 3: The attacker sends a fake login attempt where the password field secretly contains hidden line breaks. cPanel does not strip these line breaks out, so they get written straight to the session file. Each line break creates a brand new fake record. The attacker uses this to inject lines that say "this user is root" and "this user already authenticated successfully." 🔴 Step 4: The attacker visits one more random page on the site to nudge cPanel into re-reading the file. cPanel then promotes the injected fake lines into its main session memory. 🔴 Step 5: On the next request, cPanel sees a flag that says "this user already passed the password check." cPanel trusts that flag, skips checking the actual password, and lets the attacker in as root. From start to finish, the attack takes a handful of HTTP requests. If you run cPanel or WHM, the patched versions are: 🔴 cPanel/WHM 110.0.x → 11.110.0.97 🔴 cPanel/WHM 118.0.x → 11.118.0.63 🔴 cPanel/WHM 126.0.x → 11.126.0.54 🔴 cPanel/WHM 132.0.x → 11.132.0.29 🔴 cPanel/WHM 134.0.x → 11.134.0.20 🔴 cPanel/WHM 136.0.x → 11.136.0.5 If your version is older than these, assume someone has already broken in and act accordingly. Patch right now, then rotate every password and key the server touched: root passwords, API tokens, SSL private keys, SSH keys, mail passwords, and database passwords.