Advisories
- Next.js Middleware Auth Bypass Vulnerability
What is the Vulnerability? FortiGuard Labs has identified ongoing attack attempts targeting a critical authorization bypass vulnerability (CVE-2025-29927) in the middleware system of the Next.js framework, a popular React-based framework for building full-stack web applications. The issue arises from improper handling of an internal HTTP header: x-middleware-subrequest. This header, when manipulated, can bypass middleware execution, allowing attackers…
- Squid Dominated the Oceans in the Late Cretaceous
New research: One reason the early years of squids have been such a mystery is that squids’ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks—hard mouthparts with high fossilization potential that could help the team figure out how squids evolved. With that…
- httpd-2.4.64-1.fc42
FEDORA-2025-6d7a183951. Packages in this update: httpd-2.4.64-1.fc42. Update description: New httpd 2.4.64 release + security fixes.
- httpd-2.4.64-1.fc41
FEDORA-2025-b486ffd351. Packages in this update: httpd-2.4.64-1.fc41. Update description: New httpd 2.4.64 release + security fixes.
- Tradecraft in the Information Age
Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance.
- USN-7608-6: Linux kernel (Xilinx ZynqMP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: GPU drivers; SMB network file system; Memory management; Netfilter; Network traffic control. (CVE-2025-37890, CVE-2024-46787, CVE-2025-37798, CVE-2025-38000, CVE-2025-37932, CVE-2025-38001, CVE-2025-37997, CVE-2024-50047, CVE-2024-53051)
- restic-0.18.0-1.fc43
FEDORA-2025-6241ca1662. Packages in this update: restic-0.18.0-1.fc43. Update description: Automatic update for restic-0.18.0-1.fc43. Changelog: Fri Jul 11 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 0.18.0-1 – Update to 0.18.0 – Closes rhbz#2355627 rhbz#2354447 rhbz#2352331 rhbz#2350845 rhbz#2348839 rhbz#2331990
- ISACA Addresses Experience Gap with CISA Associate Designation
The new CISA Associate designation recognizes ISACA members who have passed the CISA exam but do not yet have the required experience.
- Russian basketball player arrested in ransomware case despite being “useless with computers”
A Russian professional basketball player has been arrested for allegedly acting as a negotiator for a ransomware gang… and despite his lawyer claiming he’s “useless” with computers. Read more in my article on the Hot for Security blog.
- SAP NetWeaver S/4HANA – ABAP Code Execution via Internal Function
Posted by Office nullFaktor GmbH on Jul 11. nullFaktor Security Advisory < 20250719 >. Title: ABAP Code Execution via Internal Function Module WRITE_AND_CALL_DBPROG. Vulnerability: Exposed Dangerous Functionality. Product: SAP NetWeaver S/4HANA. Homepage: http://www.sap.com. Affected Version: S/4HANA, SAP_BASIS 757 SP 3. SAP Note: 3546011. Impact: High…