I've been really concerned about recent vulnerabilities like React2Shell and Mongobleed, which both appeared within a few weeks of each other. They exploit issues with 'input sanitization', and I don't think this is just a problem with vibecoding; it's something that has been around for a while. Personally, I had to wipe my VPS because a hacker installed a crypto miner on it and used it for DDoS attacks. These vulnerabilities are serious, yet it seems like not many people are discussing them.
5 Answers
Honestly, AI has gotten really good at detecting these kinds of vulnerabilities, which might be part of why they're coming to light more often now.
These vulnerabilities are definitely talked about for a while whenever they surface. Regardless of who coded them, some developer approved the code and there should have been tests in place to catch issues like this.
If you're keeping up with the security space, the rate of vulnerabilities has remained pretty consistent. It’s always been like a cold war between hackers and security experts. If you want to stay informed, I recommend following sources like 'SecurityAffairs' and checking it out daily.
Honestly, I’m hesitant about RSC (React Server Components). I think it’s a cool idea, but I keep seeing serious vulnerabilities popping up around it. I’m steering clear of implementing it until those concerns are addressed.
The tech debt from older open-source projects is a serious threat to today’s web ecosystem. Even if a vulnerability isn't in your direct dependencies, it could be lurking in a child dependency. If it’s open source, chances are it's being scanned.
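To make the "child dependency" point concrete, here is an added example (not code from this thread or from any project it mentions) that walks a package-lock.json-style dependency graph and reports every path by which an advisory-listed package is reached, so a vulnerable version shows up even when it is only a transitive dependency. It assumes a lockfile v3-like shape with a flat, hoisted node_modules tree (every package at `node_modules/<name>`); the package names, versions and the advisory entry are constructed sample data, and `findVulnerablePaths` / `versionLt` are hypothetical helper names.

```javascript
// Added example, not from the thread: surface vulnerable transitive
// dependencies by walking a lockfile's dependency graph.
//
// Assumptions (constructed): lockfile v3-like shape, flat/hoisted
// node_modules, advisories apply to versions strictly below `fixed`.

const sampleLock = {
  name: "example-app",
  packages: {
    "": { dependencies: { "web-framework": "^2.0.0", "logger": "^1.0.0" } },
    "node_modules/web-framework": { version: "2.3.1", dependencies: { "query-parser": "^0.9.0" } },
    "node_modules/query-parser": { version: "0.9.4", dependencies: {} },
    "node_modules/logger": { version: "1.4.0", dependencies: { "query-parser": "^0.9.0" } },
  },
};

// Constructed advisory list; the id is a placeholder, not a real identifier.
const sampleAdvisories = [
  { name: "query-parser", fixed: "0.9.5", id: "ADVISORY-PLACEHOLDER-1" },
];

// Parse "x.y.z" into numeric parts; non-numeric parts become 0.
function parseVersion(v) {
  return v.split(".").map((n) => parseInt(n, 10) || 0);
}

// True when version a sorts strictly before version b (major.minor.patch).
function versionLt(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Depth-first walk from the root package; every distinct path to an
// affected package is reported, with `direct` telling whether it is a
// first-level dependency. A per-path `seen` set guards against cycles
// while still reporting diamond-shaped reuse via each parent.
function findVulnerablePaths(lock, advisories) {
  const byName = new Map(advisories.map((a) => [a.name, a]));
  const findings = [];

  const visit = (depsObj, path, seen) => {
    for (const dep of Object.keys(depsObj || {})) {
      const entry = lock.packages[`node_modules/${dep}`];
      if (!entry) continue; // not installed under the flat-tree assumption
      const here = [...path, `${dep}@${entry.version}`];
      const adv = byName.get(dep);
      if (adv && versionLt(entry.version, adv.fixed)) {
        findings.push({
          name: dep,
          version: entry.version,
          fixed: adv.fixed,
          advisory: adv.id,
          direct: path.length === 0,
          path: here,
        });
      }
      if (seen.has(dep)) continue;
      visit(entry.dependencies, here, new Set([...seen, dep]));
    }
  };

  visit(lock.packages[""].dependencies, [], new Set());
  return findings;
}

// Human-readable summary lines, one per finding.
function formatFindings(findings) {
  return findings.map(
    (f) =>
      `${f.advisory}: ${f.name}@${f.version} (fixed in ${f.fixed}) ` +
      `${f.direct ? "direct" : "transitive"} via ${f.path.join(" > ")}`
  );
}

// Usage on the constructed sample data.
for (const line of formatFindings(findVulnerablePaths(sampleLock, sampleAdvisories))) {
  console.log(line);
}
```

Run against a real lockfile, the same walk tells you which direct dependency is pulling in the affected package, which is the piece of information you need to decide whether an upgrade, an override, or a replacement of the parent is the right fix.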

What's RSC?