A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff fine over cookies. GrapheneOS pulls out of France over coercion worries. The EU adds to the pile-on over underage social media. India mandates the tracking of all smartphones. Apple says no. India abandons its smartphone tracking mandate. India requires all encrypted messaging to be SIM-tied. Scattered Lapsus$ Hunters --becomes--> SLH. AI demand has driven RAM pricing sky high. GRC's DNS Benchmark is finished and available. Cisco may talk a good game, but they're still Cisco. Browsers to ask users for local network access permission. React: The worst remote code exploit in a LONG time. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow veeam.com bigid.com/securitynow zscaler.com/security hoxhunt.com/securitynow