CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
"Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

Headline

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

The Hacker News: Latest News