December 11, 2025 59 mins

🚨 Severity 10/10: The React Exploit That Shocked the Web Dev World


Imagine waking up to find your server blocked for mining crypto for a stranger.

That’s exactly what happened to developers this week, thanks to a critical vulnerability in React and Next.js that enabled full root-level server takeover.


In this episode of The Programming Podcast, we break down the “Perfect Hack” step-by-step, how Vercel burned $750,000 in a single weekend to contain it, and the one line in your Dockerfile that might be leaving your environment exposed.


Then we shift gears into a tough career conversation:

Are you a “Tourist Developer”, constantly learning, never shipping?

If you’ve got 50 tabs open and 0 deployed code… the second half of this episode is for you.


SITE https://www.programmingpodcast.com/


💡 Sponsor: Level Up Financial Planning

Changing careers or increasing your income? Get financial clarity with Level Up Financial Planning—helping early and mid-career tech professionals secure their financial future. Visit LevelUpFinancialPlanning.com for a free consultation!

https://www.levelupfinancialplanning.com/


Stay in Touch:

📧 Have ideas or questions for the show? Or are you a business that wants to talk business?

Email us at dannyandleonspodcast@gmail.com!


Danny Thompson

https://x.com/DThompsonDev

https://www.linkedin.com/in/DThompsonDev

www.DThompsonDev.com


Leon Noel

https://x.com/leonnoel

https://www.linkedin.com/in/leonnoel/

https://100devs.org/



What We Cover


- The “React to Shell” exploit (Non-technical AND technical explanations)

- Why running Docker as root is a catastrophic security mistake

- How Cloudflare accidentally broke part of the internet trying to patch this

- The Parking Lot Method to finally stop getting derailed by side quests

- How to identify if you’re stuck in Tourist Developer Mode


⏱️ CHAPTERS


0:00 – The Nightmare: Server hijacked for crypto mining

2:29 – CRITICAL WARNING: Update React Now

3:55 – Anatomy of the Attack (361% CPU Spikes)

6:50 – The Fatal Mistake: Docker as Root

12:43 – The “Restaurant” Analogy (Explaining the Hack)

17:08 – Sponsored Segment

18:20 – Technical Deep Dive: Flight Protocol & Serialization

20:59 – The One Line of Code That Fixes It

23:44 – Vercel’s $750,000 Weekend Response

40:17 – How Cloudflare Accidentally Broke the Internet

42:33 – Career Q&A: “I keep getting distracted by side quests”

48:36 – Are You a Tourist in Your Own Career?

51:08 – The Parking Lot Method for Focus

54:27 – The Index Card System for Goals


🔗 Resources

Guillermo Rauch’s Full Breakdown – https://x.com/rauchg/status/1997362942929440937

Eduardo’s Original Report – https://x.com/duborges/status/1997293892090183772


🔔 45% of you aren’t subscribed.

If you like content that makes our moms proud, hit that subscribe button.

© 2025 iHeartMedia, Inc.