A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. “Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in […]
Category Archives: News
At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed “Project Astra”. At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. […]
23
Mar
Mar
To celebrate its 20th birthday, Google Maps teamed up with one of Asia’s most popular multi-hyphenate artists, Nicholas “Chef Nic” Tse, to curate a list of his favorite …
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. […]
Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […]
The FBI is warning that fake online document converters are being used to steal people’s information and, in worst-case scenarios, lead to ransomware attacks. […]
The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. “The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for […]
Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […]
22
Mar
Mar
For World Water Day we’re releasing our 2025 Water Stewardship Project Portfolio summary report and announcing four new partnerships.
The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. “Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial […]