Mar 24, 2025 | Podcast
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware A critical vulnerability, CVE-2025-29927, has been discovered in the Next.js web development framework, enabling attackers to bypass authorization checks. This flaw allows malicious...
Mar 22, 2025 | Podcast
https://www.itnews.com.au/news/over-200000-mygov-users-disable-passwords-in-passkey-shift-615664 Over half a million myGov users have adopted passkeys as their login method since the feature launched in June 2024, with over 200,000 users exclusively relying on...
Mar 21, 2025 | Podcast
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts A widespread phishing campaign is targeting GitHub users with fake “Security Alert” issues, attempting to trick them into authorizing a...
Mar 20, 2025 | Podcast
https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066 The widely used GitHub Action “tj-actions/changed-files” was compromised before March 14, 2025, injecting malicious code that leaked secrets from affected...
Mar 19, 2025 | Podcast
https://arstechnica.com/ai/2025/03/ai-coding-assistant-refuses-to-write-code-tells-user-to-learn-programming-instead An AI coding assistant, Cursor, has surprised users by refusing to generate code and instead advising them to learn programming. This incident reflects...
Mar 18, 2025 | Podcast
Today, we’re getting hands-on with one of the most effective ways to improve security: secure coding bootcamps. Because let’s face it – developers learn best by doing, not by watching. And if you want secure code, you need to make secure coding practical,...
