bolha.us

0 posts0 participants0 posts today

Markus EiseleRed Hat Middleware moving to IBM <a href="http://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">http://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html</a> by @nmcl <a href="https://mastodon.online/tags/redhat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redhat</a> <a href="https://mastodon.online/tags/ibm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ibm</a> <a href="https://mastodon.online/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#middleware</a>

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕»Critical Next.js Middleware Vulnerability Allows Attackers to Bypass Authorization: A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927.«Well, I have to give it up and look at it.🧑‍💻 <a href="https://gbhackers.com/critical-next-js-middleware-vulnerability/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gbhackers.com/critical-next-js-middleware-vulnerability/</a><a href="https://chaos.social/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#javascript</a> <a href="https://chaos.social/tags/nextjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nextjs</a> <a href="https://chaos.social/tags/webdev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webdev</a> <a href="https://chaos.social/tags/react" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#react</a> <a href="https://chaos.social/tags/sec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sec</a> <a href="https://chaos.social/tags/framework" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#framework</a> <a href="https://chaos.social/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#middleware</a> <a href="https://chaos.social/tags/server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#server</a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsec</a>

Suzanne Aldrich (she/her)Critical Next.js Middleware Vulnerability (CVE-2025-29927)A major auth bypass vulnerability in Next.js middleware (prior to v14.2.25 / v15.2.3) allows attackers to inject the x-middleware-subrequest header and bypass authorization entirely. Exploitable via simple HTTP requests—no user interaction, no special permissions.Patch. Now. Or block the header manually.GitHub scored this 9.1 CRITICAL, but the real issue? This flaw exposes a systemic weakness in middleware validation, and some vendors weren’t exactly upfront about the risks.Details + POC: <a href="https://zeropath.com/blog/nextjs-middleware-cve-2025-29927-auth-bypass" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://zeropath.com/blog/nextjs-middleware-cve-2025-29927-auth-bypass</a> NVD: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-29927" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2025-29927</a>Security theater is easy. Secure defaults and transparency are harder—but essential.<a href="https://hachyderm.io/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://hachyderm.io/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppSec</a> <a href="https://hachyderm.io/tags/NextJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NextJS</a> <a href="https://hachyderm.io/tags/CVE202529927" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202529927</a> <a href="https://hachyderm.io/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#middleware</a> <a href="https://hachyderm.io/tags/securityfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityfail</a>

Hacker NewsNext.js and the corrupt middleware: the authorizing artifact<a href="https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware</a><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackerNews</a> <a href="https://mastodon.social/tags/Next" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Next</a>.js <a href="https://mastodon.social/tags/corrupt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#corrupt</a> <a href="https://mastodon.social/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#middleware</a> <a href="https://mastodon.social/tags/authorizing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authorizing</a> <a href="https://mastodon.social/tags/artifact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#artifact</a> <a href="https://mastodon.social/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

Kevin Karhan :verified:<a href="https://chow.fan/@mookie" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@mookie</a> also wothput <a href="https://infosec.space/tags/Backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Backend</a> or <a href="https://infosec.space/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Middleware</a> we'd constantly see <a href="https://infosec.space/tags/Skiddies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Skiddies</a> fuck up everything!

devsimsek🌐 Building A Dynamic PHP Router Library Hey people 👋, ever wondered how URLs are routed to fancy actions in web apps? 🚀 Check out my latest tutorial 🌟 where I break down PHP routing with handlers, middleware, and dynamic URLs!→ Learn more here: <a href="https://smsk.dev/go/7k5u2/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://smsk.dev/go/7k5u2/</a>🔧 Let's simplify the complex! <a href="https://mastodon.social/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PHP</a> <a href="https://mastodon.social/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebDevelopment</a> <a href="https://mastodon.social/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Middleware</a> <a href="https://mastodon.social/tags/Routing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Routing</a> 🌍

Ben PtacekI will do a quick <a href="https://fosstodon.org/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a>...Mainly a tech geek that is currently focused on tech such as <a href="https://fosstodon.org/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a> <a href="https://fosstodon.org/tags/terraform" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#terraform</a> <a href="https://fosstodon.org/tags/ansible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ansible</a> and general <a href="https://fosstodon.org/tags/cicd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cicd</a> technologies.Love my <a href="https://fosstodon.org/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homelab</a>, but would like to get into more of a minimal power homelab. Using <a href="https://fosstodon.org/tags/rancher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rancher</a> with RKE2 and EKS (kubernetes) that is mostly automated. I also dabble in <a href="https://fosstodon.org/tags/vmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vmware</a> and <a href="https://fosstodon.org/tags/mikrotik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mikrotik</a>, but previous backgrounds are in many <a href="https://fosstodon.org/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#middleware</a> technologies.Excited to learn more about <a href="https://fosstodon.org/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fediverse</a> as I go.

Recent searches

Search options

Administered by:

Server stats:

#middleware