React2Shell Vulnerability Shakes Dev World, Bun Acquired by Anthropic Amidst Apple Exodus and Global RAM Crisis
The software development community is on high alert following the disclosure of ‘React2Shell’, a critical vulnerability (CVE) rated 10/10 that affects React Server Components. The flaw is present in React 19.x, Next.js, React Router, and other frameworks that build on React Server Components, and it allows arbitrary code execution on servers, even if the components are not actively used in the application. Patches were released immediately (e.g., React 19.0.1), and hosting providers such as Vercel and Cloudflare deployed temporary protections, but evidence of real-world exploitation for crypto mining has already surfaced.
In other major industry news, the high-performance JavaScript runtime Bun has been acquired by Anthropic, the AI firm behind Claude Sonnet. Bun will remain open-source and continue its development under the original team, with a new strategic focus on AI tools and accelerating Anthropic’s offerings. This acquisition resolves previous sustainability questions surrounding Bun’s future.
Meanwhile, Apple is reportedly experiencing a significant ‘brain drain’: several key executives, including its AI chief, UI design head, and legal director, are departing the company, and the architect of its M-series chips, Johny Srouji, is reportedly considering his exit, signaling potential instability and strategic shifts at the tech giant.
The global tech ecosystem is also grappling with an intensifying RAM crisis, driven largely by surging AI data center demand. Micron’s consumer brand, Crucial, will cease operations by February 2026 to prioritize AI memory supply, leading to significant price hikes for DDR5 RAM (up to 300% in months) and supply shortages. Samsung Semiconductors even reportedly rejected a RAM order from Samsung Electronics for upcoming Galaxy phones, while Valve is rumored to be considering shipping its Steam Machine without RAM or SSDs to mitigate costs.
On the software front, Windows 11 continues to face quality control issues, with a recent update intended to improve dark mode accidentally introducing white flashes in core UI elements. Popular applications like Discord, WhatsApp, and Microsoft Teams are criticized for excessive RAM consumption (1GB-4GB) due to their reliance on WebView2 and web-based architectures; Discord’s temporary fix involves automatically restarting the application when RAM usage exceeds 4GB and the user is inactive.
Finally, the media landscape is in flux as Netflix’s announced $82 billion bid for Warner Bros. Discovery’s content assets faces a hostile counter-offer of $100 billion from Paramount, backed by political allies, casting uncertainty over the deal and highlighting the convergence of traditional media and tech-driven content platforms.
In related news, JavaScript celebrated its 30th anniversary on December 4, 2025, marking three decades of web evolution, and a new Email Verification Protocol (EVP) is in development, promising privacy-focused email verification directly from the browser without sending traditional emails. Looking ahead, JSConf Spain 2026 has been announced for March 14, 2026, in Madrid, with calls for speakers and sponsors, promising a major event for the JavaScript community.