Aggregator

The union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.

Newly identified CoffeeLoader uses multiple evasion techniques and persistence mechanisms to deploy payloads and bypass endpoint security

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

A recent security update for Windows Server 2025, released on February 11, 2025 (KB5051987), has caused a significant issue for users relying on Remote Desktop Protocol (RDP). The update, part of Microsoft’s February Patch Tuesday, has led to RDP sessions freezing shortly after connection, rendering mouse and keyboard inputs unresponsive. Microsoft has confirmed this problem, […]

The post Windows Server 2025 Security Update Freezes Remote Desktop Sessions Connection appeared first on Cyber Security News.

Alleged Sale of Cyber Mail Checker Tool

A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. [...]

A new botnet named “GorillaBot,” has orchestrated over 300,000 attack commands across more than 100 countries within a span of just three weeks. Built on the infamous Mirai botnet framework, GorillaBot represents a sophisticated malware evolution. It leverages advanced encryption and evasion techniques to target industries ranging from telecommunications to finance and education. Discovered by […]

The post GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries appeared first on Cyber Security News.

Red wolf ceyber Targeted the Website of Cumhuriyet Halk Partisi (CHP)

Valve 首次通过官方数据证实 Steam 平台简体中文玩家略微超过了英语玩家。根据 Valve 开发者在 GDC 2025 上发布的 PPT：2024 年简体中文玩家占到了总玩家数的 33.7%，超过了英语玩家的 33.50%，之后是俄语玩家占 8.2%，西班牙语 4.6%，巴西语 2.8%，德语 2.5%，韩语 2.2%，法语 2.1%，日语 1.7%，土耳其语 1.7%，波兰语 1.5%，繁体中文 1%，意大利语 0.7%，泰语 0.6%，其他 3.2%。这一数据来自官方，而不是每月根据抽样调查公布的 Steam 硬件和软件调查报告。GDC 2025 完整演讲稿将在不久之后发布在 Steamworks YouTube 频道上。

Biometric data refers to unique physical or behavioral characteristics that are used to verify a person’s identity. Revoking or changing biometric data is more complicated than changing passwords. Unlike passwords, biometric identifiers like fingerprints or retina scans are unique and permanent. This makes it particularly vulnerable if stolen. Cybercriminals can use stolen biometric information to impersonate someone and bypass security systems, putting personal accounts and data at risk. Many people are unaware of how their … More →

The post How to manage and protect your biometric data appeared first on Help Net Security.

IntroductionOn March 21, 2025, a critical vulnerability, CVE-2025-29927, was publicly disclosed with a CVSS score of 9.1, signifying high severity. Discovered by security researcher Rachid Allam, the flaw enables attackers to bypass authorization checks in Next.js Middleware, potentially granting unauthorized access to protected resources. This poses a risk to applications that rely on Middleware to enforce user authorization, validate session data, control route access, handle redirections, and manage UI visibility based on user roles or permissions. RecommendationsUsers whose applications leverage Next.js Middleware for authorization are strongly urged to: Update applications: Upgrade to the patched version listed in the affected versions section below.Stop header exploits: For applications running version greater than 11.1.4 and less than or equal to 13.5.6, where no secure version is available, configure load balancers or web servers to block external requests containing the x-middleware-subrequest header from reaching the Next.js application.Affected VersionsThe following table describes impacted Next.js versions, along with a corresponding patched version.Impacted VersionPatched Version%26gt; 11.1.4 %26lt;= 13.5.6None%26gt; 12.0 %26lt; 12.3.512.3.5%26gt; 13.0 %26lt; 13.5.913.5.9%26gt; 14.0 %26lt; 14.2.2514.2.25%26gt; 15.0 %26lt; 15.2.315.2.3Table 1: Table of impacted Next.js versions and their corresponding patched versions.BackgroundCVE-2025-29927 is an authorization bypass that allows attackers to circumvent Next.js Middleware controls entirely. By including a specially crafted x-middleware-subrequest HTTP header in requests, attackers can bypass authorization checks and gain unauthorized access to protected resources.Potential impacts of this vulnerability include:Unauthorized access: Attackers could gain access to private resources, APIs, or restricted application areas.Data exposure: Exploiting this flaw could lead to the theft of sensitive user information.Privilege escalation: Attackers might execute malicious actions, such as accessing administrative features or altering server states.Content Security Policy (CSP) Bypass: Middleware could be manipulated to modify CSP headers or cookies, potentially compromising application integrity.Cache poisoning: In certain configurations, attackers could exploit Middleware to force the caching of 404 responses in applications using a CDN between the Next.js application and the end user. This could render application pages unavailable, impacting their availability and disrupting user experience.How It WorksThe vulnerability stems from how Next.js Middleware handles requests through the runMiddleware function. This function evaluates the x-middleware-subrequest header from incoming requests to decide whether middleware checks should be enforced. The header value is split using a colon (:) as a delimiter and compared against the middlewareInfo.name, which represents the path or location of the middleware component. If the comparison matches, the request bypasses authorization checks and proceeds directly to its destination. The figure below shows a diagram of the attack flow.Figure 1: A diagram of the attack flow where an attacker abuses CVE-2025-29927.Originally designed to prevent infinite loops in recursive requests, this mechanism unintentionally introduced a loophole. Attackers can craft malicious x-middleware-subrequest headers to exploit this flaw, bypassing middleware controls and gaining unauthorized access to protected resources. The code enabling this vulnerability is shown in the figure below:Figure 2: Next.js Middleware code that enables CVE-2025-29927.Evolution of Middleware file naming and header parsingEarlier Versions (Pre 12.2): In early versions of Next.js (prior to 12.2), middleware files were named _middleware.ts, and only the Pages Router was available. During this period, the middlewareInfo.name value could be determined as pages/_middleware.ts. Attackers could craft a request header like the one below to bypass authorization checks: x-middleware-subrequest: pages/_middleware Next.js 12.2 and later: Starting with version 12.2, Next.js introduced changes to middleware file naming conventions, dropping the underscore (_) prefix. Middleware files became middleware.ts and could also be placed in a /src directory. The middlewareInfo.name could now be guessed as middleware or src/middleware. The corresponding crafted headers to bypass authorization are the following: x-middleware-subrequest: middleware x-middleware-subrequest: src/middleware Latest versions: In recent versions of Next.js, the logic for parsing the x-middleware-subrequest header evolved. The header value is still split using (:) as a delimiter, but the length of the resulting array (“depth”) is compared to a constant called MAX_RECURSION_DEPTH (defaulting to 5). This is done to calculate the number of subrequests and avoid an infinite loop condition. Middleware checks are applied only if the depth exceeds this threshold. Attackers exploit this logic by including repeated entries in the header to meet the required depth while bypassing middleware checks. For example: x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware x-middleware-subrequest: src/middleware:src/middleware:src/middleware:src/middleware:src/middlewareThe patchThe implemented fix addresses the vulnerability through two key components:Internal header stripping: All HTTP headers intended for internal use, like x-middleware-subrequest, are stripped from external requests during processing.String validation: The x-middleware-subrequest value is now validated against a randomly generated hexadecimal string, ensuring that only legitimate session requests pass authorization checks.This patch effectively mitigates the authorization bypass and ensures that Middleware components cannot be exploited using tampered request headers. The patched code is shown in the figure below:Figure 3: The patched code corresponds to version 15.2.3 of Next.js Middleware.ConclusionCVE-2025-29927 poses a risk to applications using Next.js Middleware for authorization, especially self-hosted instances. Middleware should supplement, not replace, robust security measures placed closer to the data source. The impact variation across hosting platforms highlights the need to consider deployment context in security planning.Zscaler CoverageThe Zscaler ThreatLabz team has deployed protection for CVE-2025-29927.Zscaler Private Access AppProtection6000919: Next.js Middleware Authorization Bypass (CVE-2025-29927)

The post CVE-2025-29927: Next.js Middleware Authorization Bypass Flaw appeared first on Security Boulevard.

PJobRAT malware targets Taiwan Android users, stealing data through fake messaging platforms

MalNPMDetector：专为 npm 软件包设计的恶意包检测系统 by ourren

更多最新文章，请访问SecWiki

以色列魏茨曼研究所的研究人员使用了以色列最大的医疗服务机构时间跨度为 2003 年至 2020 年、20~35 岁未服用药物或患有慢性疾病的女性的匿名检测数据，分析了女性怀孕前、怀孕中和从怀孕到产后共一年多，这3个时间点的血液、尿液以及其他指标的匿名检测结果，以揭示女性怀孕和分娩的身体“代价”——从为供养胎儿所做的无数改变到产后身体的变化。研究人员收集了 76 项常见测试指标，包括胆固醇、免疫细胞、血红细胞、炎症情况以及肝脏、肾脏和新陈代谢的健康情况。结果发现，女性产后第一个月，76 个指标中的 47% 稳定在接近受孕前的值，有 41% 的指标需要 10 周以上的时间才能稳定下来，还有 12% 的指标则需要 4 到 10 周才能稳定下来。肝功和胆固醇需要大约 6 个月才能稳定，而骨骼和肝脏则需要一年时间才能达到健康指标。而包括炎症标志物和血液健康指标在内的几项指标，即使在 80 周后研究结束时，也没能恢复到受孕前的水平。研究人员指出，这种长期差异是由怀孕和分娩本身造成的，还是由孩子出生后的身体行为变化造成的，是未来需要研究的问题。

A vulnerability has been found in gnuplot and classified as critical. Affected by this vulnerability is the function utf8_copy_one. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-31177. The attack needs to be approached within the local network. There is no exploit available.