Advisories

  • Next.js Middleware Auth Bypass Vulnerability

    What is the Vulnerability? FortiGuard Labs has identified ongoing attack attempts targeting a critical authorization bypass vulnerability (CVE-2025-29927) in the middleware system of the Next.js framework, a popular React-based framework for building full-stack web applications. The issue arises from improper handling of an internal HTTP header: x-middleware-subrequest. This header, when manipulated, can bypass middleware execution, allowing attackers…

  • Squid Dominated the Oceans in the Late Cretaceous

    New research: One reason the early years of squids have been such a mystery is that squids’ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks—hard mouthparts with high fossilization potential that could help the team figure out how squids evolved. With that…

  • httpd-2.4.64-1.fc42

    FEDORA-2025-6d7a183951. Packages in this update: httpd-2.4.64-1.fc42. Update description: New httpd 2.4.64 release + security fixes.

  • httpd-2.4.64-1.fc41

    FEDORA-2025-b486ffd351. Packages in this update: httpd-2.4.64-1.fc41. Update description: New httpd 2.4.64 release + security fixes.

  • Tradecraft in the Information Age

    Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance.

  • USN-7608-6: Linux kernel (Xilinx ZynqMP) vulnerabilities

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: GPU drivers; SMB network file system; Memory management; Netfilter; Network traffic control (CVE-2025-37890, CVE-2024-46787, CVE-2025-37798, CVE-2025-38000, CVE-2025-37932, CVE-2025-38001, CVE-2025-37997, CVE-2024-50047, CVE-2024-53051).

  • restic-0.18.0-1.fc43

    FEDORA-2025-6241ca1662. Packages in this update: restic-0.18.0-1.fc43. Update description: Automatic update for restic-0.18.0-1.fc43. Changelog: Fri Jul 11 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 0.18.0-1 – Update to 0.18.0 – Closes rhbz#2355627 rhbz#2354447 rhbz#2352331 rhbz#2350845 rhbz#2348839 rhbz#2331990.

  • ISACA Addresses Experience Gap with CISA Associate Designation

    The new CISA Associate designation recognizes ISACA members who have passed the CISA exam, but do not yet have the required experience.

  • Russian basketball player arrested in ransomware case despite being “useless with computers”

    A Russian professional basketball player has been arrested for allegedly acting as a negotiator for a ransomware gang… and despite his lawyer claiming he’s “useless” with computers. Read more in my article on the Hot for Security blog.

  • SAP NetWeaver S/4HANA – ABAP Code Execution via Internal Function

    Posted by Office nullFaktor GmbH on Jul 11. nullFaktor Security Advisory < 20250719 >. Title: ABAP Code Execution via Internal Function Module WRITE_AND_CALL_DBPROG. Vulnerability: Exposed Dangerous Functionality. Product: SAP NetWeaver S/4HANA. Homepage: http://www.sap.com. Affected Version: S/4HANA, SAP_BASIS 757 SP 3. SAP Note: 3546011. Impact: High…