Developer tidbits for the weekend – smaller news of the week

Small but interesting news tidbits from the news buffet about React Native, Perl, JavaScript, ASP .NET Core, State of Web Dev ...
Visual Studio Magazine

BFF and SPAs: Best Friends Forever

Christian Wenz explains why the Backends for Frontends (BFF) pattern is emerging as a more secure authentication model for single-page applications.
InfoQ

ASP.NET Core in .NET 11 Preview 1 Brings New Blazor Components, Improved Navigation, and WebAssembly

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Agent workflows make transport a first-order ...
Visual Studio Magazine

Building Real-World Web Apps with ASP.NET Core Razor Pages

Understand the key advantages of Razor Pages in ASP.NET Core for building real-world web applications Learn how features like dependency injection, configuration, and environment awareness improve ...
Searchenginejournal.com

Apple Safari Update Enables Tracking Two Core Web Vitals Metrics

Safari 26.2 adds support for measuring Largest Contentful Paint (LCP) and the Event Timing API, which is used to calculate Interaction to Next Paint (INP). This enables site owners to collect Largest ...
InfoQ

ASP.NET Core in .NET 10: Major Updates across Blazor, APIs, and OpenAPI

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Soroosh Khodami discusses why we aren't ready ...
The Hacker News

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has ...
techworm.net

Critical React Vulnerability Puts Web Servers At Immediate Risk

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting urgent warnings across the tech industry. The bug — dubbed “React2Shell” — ...
Microsoft

Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

On October 14, 2025, Microsoft released a security update addressing CVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, ...
Bleeping Computer

Microsoft fixes highest-severity ASP.NET Core flaw ever

Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. This HTTP request smuggling bug (CVE-2025-55315 ...
CSOonline

Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score

The Kestrel web server flaw allows request smuggling attacks, but the actual risk depends on the application code and deployment. Microsoft has patched a critical vulnerability in ASP.NET Core that ...