Olly 👾<p>:javascript: Critical Flaw in Next.js lets Attackers bypass Authorization.</p><p>A recent collaborative effort by researchers Rachid Allam and Yasser Allam has exposed a critical vulnerability within the Next.js framework, a widely used JavaScript framework based on React with nearly 10 million weekly downloads.</p><p><a href="https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">zhero-web-sec.github.io/resear</span><span class="invisible">ch-and-things/nextjs-and-the-corrupt-middleware</span></a></p><p><a href="https://nerdculture.de/tags/nextjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nextjs</span></a> <a href="https://nerdculture.de/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middleware</span></a> <a href="https://nerdculture.de/tags/it" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>it</span></a> <a href="https://nerdculture.de/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://nerdculture.de/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://nerdculture.de/tags/engineer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>engineer</span></a> <a href="https://nerdculture.de/tags/media" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>media</span></a> <a href="https://nerdculture.de/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://nerdculture.de/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://nerdculture.de/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://nerdculture.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
c.im is one of the many independent Mastodon servers you can use to participate in the fediverse.
C.IM is a general, mainly English-speaking Mastodon instance.
Administered by:
Server stats:
2.8Kactive users
c.im: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.6
#middleware
0 posts · 0 participants · 0 posts today
Tino Eberl<p>Ein Hackerangriff auf <a href="https://mastodon.online/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Oracle</span></a> sorgt für Aufsehen. Mehrere Unternehmen haben bestätigt, dass ihre <a href="https://mastodon.online/tags/Kundendaten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kundendaten</span></a>, die ein Angreifer online veröffentlicht hat, echt sind.</p><p>Laut <a href="https://mastodon.online/tags/Sicherheitsforscher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheitsforscher</span></a>n nutzte der Angreifer eine <a href="https://mastodon.online/tags/Schwachstelle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Schwachstelle</span></a> in der veralteten <a href="https://mastodon.online/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Middleware</span></a> Oracle Fusion Middleware 11g. <a href="https://mastodon.online/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Oracle</span></a> hatte den Vorfall zunächst abgestritten. Betroffen sind bis zu sechs Millionen <a href="https://mastodon.online/tags/Datens%C3%A4tze" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Datensätze</span></a>.</p><p><a href="https://mastodon.online/tags/Cyberangriff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyberangriff</span></a> <a href="https://mastodon.online/tags/Datenleck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Datenleck</span></a> <a href="https://mastodon.online/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSecurity</span></a> <a href="https://mastodon.online/tags/OracleCloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OracleCloud</span></a> <a href="https://mastodon.online/tags/Datensicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Datensicherheit</span></a> <a href="https://mastodon.online/tags/Hackerangriff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackerangriff</span></a></p>
Markus Eisele<p>Red Hat Middleware moving to IBM <a href="http://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">markclittle.blogspot.com/2025/</span><span class="invisible">03/red-hat-middleware-moving-to-ibm.html</span></a> by @nmcl<br><a href="https://mastodon.online/tags/redhat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redhat</span></a> <a href="https://mastodon.online/tags/ibm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ibm</span></a> <a href="https://mastodon.online/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middleware</span></a></p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>»Critical Next.js Middleware Vulnerability Allows Attackers to Bypass Authorization:<br>A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927.«</p><p>Well, I have to give it up and look at it.</p><p>🧑💻 <a href="https://gbhackers.com/critical-next-js-middleware-vulnerability/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gbhackers.com/critical-next-js</span><span class="invisible">-middleware-vulnerability/</span></a></p><p><a href="https://chaos.social/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://chaos.social/tags/nextjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nextjs</span></a> <a href="https://chaos.social/tags/webdev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webdev</span></a> <a href="https://chaos.social/tags/react" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>react</span></a> <a href="https://chaos.social/tags/sec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sec</span></a> <a href="https://chaos.social/tags/framework" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>framework</span></a> <a href="https://chaos.social/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middleware</span></a> <a href="https://chaos.social/tags/server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>server</span></a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a></p>
Suzanne Aldrich (she/her)<p>Critical Next.js Middleware Vulnerability (CVE-2025-29927)</p><p>A major auth bypass vulnerability in Next.js middleware (prior to v14.2.25 / v15.2.3) allows attackers to inject the x-middleware-subrequest header and bypass authorization entirely. Exploitable via simple HTTP requests—no user interaction, no special permissions.</p><p>Patch. Now. Or block the header manually.</p><p>GitHub scored this 9.1 CRITICAL, but the real issue? This flaw exposes a systemic weakness in middleware validation, and some vendors weren’t exactly upfront about the risks.</p><p>Details + POC: <a href="https://zeropath.com/blog/nextjs-middleware-cve-2025-29927-auth-bypass" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">zeropath.com/blog/nextjs-middl</span><span class="invisible">eware-cve-2025-29927-auth-bypass</span></a><br>NVD: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-29927" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nvd.nist.gov/vuln/detail/CVE-2</span><span class="invisible">025-29927</span></a></p><p>Security theater is easy. Secure defaults and transparency are harder—but essential.</p><p><a href="https://hachyderm.io/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://hachyderm.io/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://hachyderm.io/tags/NextJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NextJS</span></a> <a href="https://hachyderm.io/tags/CVE202529927" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE202529927</span></a> <a href="https://hachyderm.io/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middleware</span></a> <a href="https://hachyderm.io/tags/securityfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityfail</span></a></p>
Hacker News<p>Next.js and the corrupt middleware: the authorizing artifact</p><p><a href="https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">zhero-web-sec.github.io/resear</span><span class="invisible">ch-and-things/nextjs-and-the-corrupt-middleware</span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/Next" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Next</span></a>.js <a href="https://mastodon.social/tags/corrupt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>corrupt</span></a> <a href="https://mastodon.social/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middleware</span></a> <a href="https://mastodon.social/tags/authorizing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorizing</span></a> <a href="https://mastodon.social/tags/artifact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>artifact</span></a> <a href="https://mastodon.social/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>web</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
LavX News<p>Unlocking the Power of Functional Programming: Lessons in Simplicity and Composition</p><p>In a world dominated by imperative programming, functional programming offers a refreshing perspective on code architecture and composition. This article explores the fundamental concepts of Haskell a...</p><p><a href="https://news.lavx.hu/article/unlocking-the-power-of-functional-programming-lessons-in-simplicity-and-composition" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/unlocking</span><span class="invisible">-the-power-of-functional-programming-lessons-in-simplicity-and-composition</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/FunctionalProgramming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FunctionalProgramming</span></a> <a href="https://mastodon.cloud/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Middleware</span></a> <a href="https://mastodon.cloud/tags/Haskell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Haskell</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chow.fan/@mookie" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mookie</span></a></span> also wothput <a href="https://infosec.space/tags/Backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backend</span></a> or <a href="https://infosec.space/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Middleware</span></a> we'd constantly see <a href="https://infosec.space/tags/Skiddies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Skiddies</span></a> fuck up everything!</p>
devsimsek<p>🌐 Building A Dynamic PHP Router Library<br>Hey people 👋, ever wondered how URLs are routed to fancy actions in web apps? 🚀<br>Check out my latest tutorial 🌟 where I break down PHP routing with handlers, middleware, and dynamic URLs!</p><p>→ Learn more here: <a href="https://smsk.dev/go/7k5u2/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">smsk.dev/go/7k5u2/</span><span class="invisible"></span></a></p><p>🔧 Let's simplify the complex! <a href="https://mastodon.social/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PHP</span></a> <a href="https://mastodon.social/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDevelopment</span></a> <a href="https://mastodon.social/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Middleware</span></a> <a href="https://mastodon.social/tags/Routing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Routing</span></a> 🌍</p>
LavX News<p>Enhance Your Web Security with the Caddy Defender Plugin</p><p>The Caddy Defender plugin offers a powerful middleware solution for web developers looking to protect their applications from unwanted traffic and safeguard AI training data. With features like IP ran...</p><p><a href="https://news.lavx.hu/article/enhance-your-web-security-with-the-caddy-defender-plugin" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/enhance-y</span><span class="invisible">our-web-security-with-the-caddy-defender-plugin</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://mastodon.cloud/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> <a href="https://mastodon.cloud/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Middleware</span></a></p>
gentlegardener<p><span class="h-card" translate="no"><a href="https://saturation.social/@Noupside" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Noupside</span></a></span> just saw you on <span class="h-card" translate="no"><a href="https://flipboard.com/@bloomberg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bloomberg</span></a></span> with regard to <a href="https://mastodon.scot/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middleware</span></a> and heard <a href="https://mastodon.scot/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a> get a fleeting mention.</p>
Habr<p>Spring Boot Filter. Введение в фильтрацию запросов</p><p>Привет, меня зовут Николай Пискунов , я руководитель направления Big Data и автор медиа вАЙТИ . В этой статье поговорим о фильтрации запросов.</p><p><a href="https://habr.com/ru/companies/beeline_cloud/articles/873284/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/beeline_</span><span class="invisible">cloud/articles/873284/</span></a></p><p><a href="https://zhub.link/tags/spring_boot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spring_boot</span></a> <a href="https://zhub.link/tags/%D1%84%D0%B8%D0%BB%D1%8C%D1%82%D1%80%D0%B0%D1%86%D0%B8%D1%8F_%D0%B7%D0%B0%D0%BF%D1%80%D0%BE%D1%81%D0%BE%D0%B2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>фильтрация_запросов</span></a> <a href="https://zhub.link/tags/backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backend</span></a> <a href="https://zhub.link/tags/%D0%BB%D0%BE%D0%B3%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>логирование</span></a> <a href="https://zhub.link/tags/%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C_%D0%BF%D1%80%D0%B8%D0%BB%D0%BE%D0%B6%D0%B5%D0%BD%D0%B8%D0%B9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>безопасность_приложений</span></a> <a href="https://zhub.link/tags/http" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>http</span></a> <a href="https://zhub.link/tags/middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middleware</span></a> <a href="https://zhub.link/tags/%D0%BF%D1%80%D0%BE%D0%B8%D0%B7%D0%B2%D0%BE%D0%B4%D0%B8%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D0%BE%D1%81%D1%82%D1%8C_%D0%BF%D1%80%D0%B8%D0%BB%D0%BE%D0%B6%D0%B5%D0%BD%D0%B8%D0%B9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>производительность_приложений</span></a> <a href="https://zhub.link/tags/%D0%BE%D0%B1%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B0_%D0%B4%D0%B0%D0%BD%D0%BD%D1%8B%D1%85" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>обработка_данных</span></a> <a href="https://zhub.link/tags/%D0%B0%D1%80%D1%85%D0%B8%D1%82%D0%B5%D0%BA%D1%82%D1%83%D1%80%D0%B0_%D0%BF%D1%80%D0%B8%D0%BB%D0%BE%D0%B6%D0%B5%D0%BD%D0%B8%D0%B9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>архитектура_приложений</span></a></p>
David J. Atkinson<p><span class="h-card" translate="no"><a href="https://beige.party/@RickiTarr" class="u-url mention">@<span>RickiTarr</span></a></span> 2/ So everything gets much smaller. Implants and <a href="https://c.im/tags/neural" class="mention hashtag" rel="tag">#<span>neural</span></a> interfaces are one possible future, but there are many unknowns along that path. Instead, think <a href="https://c.im/tags/wearables" class="mention hashtag" rel="tag">#<span>wearables</span></a>. An earring maybe.</p><p>(2) <a href="https://c.im/tags/Software" class="mention hashtag" rel="tag">#<span>Software</span></a> (more generally, re-programability) offers plenty of opportunity for <a href="https://c.im/tags/innovation" class="mention hashtag" rel="tag">#<span>innovation</span></a>. <a href="https://c.im/tags/Middleware" class="mention hashtag" rel="tag">#<span>Middleware</span></a> will be key. For example, self-organizing distributed virtual <a href="https://c.im/tags/computing" class="mention hashtag" rel="tag">#<span>computing</span></a> systems will be far more powerful than any standalone device.</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload