Articles by Tag #vulnerabilityinsights


CVE-2025-29927 Authorization Bypass in Next.js Middleware

On Friday morning, March 21, 2025, at 9:00 a.m. UTC, a security advisory identified as CVE-2025-29927 was published. It cited a critical 9.1 severity vulnerability for mainstream Next.js applications.

Mar 25

Suspicious Maintainer Unveils Threads of npm Supply Chain Attack

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package:

Jul 17 '24

Reconstructing the TJ Actions Changed Files GitHub Actions Compromise

A critical security exploit in the popular GitHub Action changed-files (tj-actions/changed-files) exposed encrypted secrets in plaintext within GitHub Action logs. This vulnerability, affecting over 23,000 repositories, was enabled by orphaned commits and manipulated release tags. Learn how to protect your GitHub workflows from similar exploits.

Mar 18