Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summarizes what we know about CVE-2025-29927, how you can mitigate the vulnerability, and how Acunetix can help you detect and confirm your organization’s risk.
The post Next.js middleware authorization bypass vulnerability: Are you vulnerable? appeared first on Acunetix.

Troy Hunt’s Mailchimp List – 16,627 breached accounts

In March 2025, a phishing attack successfully gained access to Troy Hunt’s Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp, including IP address and a derived latitude, longitude and time zone.

Securing Your Cloud: Critical Considerations

As the adoption of cloud computing continues to accelerate, cloud cybersecurity has become a top priority for security leaders. The benefits of moving to the cloud are clear: scalability, flexibility, and cost-savings. But the security challenges can be equally significant. CISOs must navigate a complex landscape of shared responsibility models, evolving threats, and rapidly changing compliance requirements.

Top 10 dynamic application security testing (DAST) tools for 2025

What is DAST and how does it work? Dynamic application security testing (DAST) is a cybersecurity assessment method that analyzes running applications to identify security vulnerabilities. Unlike static application security testing (SAST), which examines source code before deployment, DAST scanning simulates real-world attacks by probing…
The post Top 10 dynamic application security testing (DAST) tools for 2025 appeared first on Acunetix.

SpyX – 1,977,011 breached accounts

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials, likely used to monitor targets directly via the cloud, was also in the breach and contained the target’s email address and plain text Apple password.
