Skip to main content

Articles about the most recent vulnerabilities discovered.

Critical Next.js Security Vulnerability Enables Middleware Authorization Bypass

A critical vulnerability has been identified in the Next.js React framework, posing a significant security risk by allowing attackers to bypass middleware-based authorization checks under specific circumstances.

The flaw, identified as CVE-2025-29927, has received a CVSS severity rating of 9.1 out of 10, underscoring its critical nature.

Vulnerability CVE-2022-40648 exploited by Belsen Group

In 2025, the cyber security landscape was shaken by the official debut of the Belsen Group – a new group that exploited over 15,000 vulnerable configurations of FortiNet firewalls in 144 countries. This event not only highlights the risks associated with known vulnerabilities but also serves as a lesson about the importance of compromise assessments and prompt remediation. 

The Belsen Group entered the cyber scene with a post on the dark web stating:

Chinese Hackers Exploit Check Point VPN Zero-Day to Target Global Organizations

A sophisticated cyberespionage campaign linked to Chinese state-sponsored actors has exploited a previously patched Check Point VPN vulnerability (CVE-2024-24919) to infiltrate organizations across Europe, Africa, and the Americas, according to cybersecurity researchers.

The attacks, observed between June 2024 and January 2025, primarily targeted the manufacturing sector, deploying ShadowPad malware and, in limited cases, the NailaoLocker ransomware.

User login