Researchers say a Next.js flaw that existed for several years could have let hackers bypass middleware-based authentication; Vercel patched the flaw on March 18
Next.js version 15.2.3 has been released to address a security vulnerability (CVE-2025-29927). zhero_web_security : Next.js and the corrupt middleware: the authorizing artifact National Vulnerability ...
Researchers discover that a popular Python library “ctx” and PHP package “phpass” have been compromised to steal developers' AWS keys and credentials
PyPI module ‘ctx’ that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack …
The official PHP Git repository was hacked, adding a backdoor RCE to the PHP source code; PHP maintainer says the changes were reverted within a few hours
Mark Sullivan / Fast Company : Hackers put a back door in a code library that powers 79% of websites
The official PHP Git repository was hacked to add backdoors to the PHP source code; the changes were “reverted right away”
In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with.