Critical Security Alert: Unauthenticated RCE in React CVE-2025-55182 & Next.js CVE-2025-66478


Two new critical vulnerabilities, CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), were publicly disclosed today, impacting React and Next.js applications. These issues allow unauthenticated remote code execution under default framework configurations, requiring no special setup or developer mistakes. Testing confirms that even newly generated Next.js applications created with create-next-app and built for production are immediately vulnerable without […]

Shai Hulud 2.0: The NPM Supply Chain Attack Returns as an Aggressive Self-Propagating Worm


The newly uncovered “Shai Hulud 2.0” campaign, also known as sha1-hulud, is one of the most aggressive npm supply-chain attacks to date. Unlike the earlier, more contained incident, this wave introduces a fully automated worm that rapidly spreads across maintainers, repositories, and dependency graphs. More than 25,000 repositories tied to hundreds of developers have already […]

npm Supply Chain Attack: Shai Hulud Worm Escalates August Nx Compromise


On September 16, 2025, a large-scale npm supply chain attack was discovered, which seems to be linked to the same threat actors behind the August 27 Nx compromise (under ongoing investigation). Dubbed Shai Hulud, this self-propagating worm has infected nearly 40 npm packages, including several from CrowdStrike, by harvesting secrets from CI/CD pipelines and cloud […]

Understanding the NVIDIAScape (CVE-2025-23266) Container Toolkit Vulnerability – and Why Your AI Workloads Are Most Likely Safe


Overview: CVE-2025-23266 is a container-escape vulnerability (CVSS 9.0) affecting the NVIDIA Container Toolkit and GPU Operator. While this vulnerability requires multiple specific conditions, it has the potential to allow a malicious container image to escape its sandbox and execute code as root on the host. NVIDIA has released patched versions of both components. Upgrading to Toolkit v1.17.8 and GPU Operator 25.3.1 […]

CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters


A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the intended extraction directory. This issue affects systems running Python 3.12 and above when using tarfile.extract() or tarfile.extractall() with the filter parameter set to “data” or “tar”. Though the vulnerability does not allow direct code execution, […]

Linux Kernel SMB 0-Day Vulnerability CVE-2025-37899 Uncovered Using ChatGPT o3


For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI’s o3. Discovered by security researcher Sean Heelan and assigned CVE-2025-37899, this vulnerability marks a milestone not just in cybersecurity but in the integration of AI into vulnerability research. It also raises serious questions about the […]

Upwind Accelerates Zero-Day Remediation with Runtime and Network-Aware SBOMs

A dependency update diagram for upgrading jackson-dataformat-yaml from version 2.13.4 to 2.15.0, showing affected packages and usage stats: 3 packages, 10 vulnerabilities, 57 images, 137 resources.

It was a regular Thursday when Lisa, a DevOps lead at a mid-sized fintech company, got an alert: Log4Shell, a zero-day vulnerability in Log4j, was being exploited. Confident in their security posture, she checked the SBOM. No Log4j. But as network anomalies piled up, a manual scan revealed the truth – Log4j was buried in […]

New CVE-2024-55591 Zero-Day Exploitation of Fortinet Firewalls


On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems. CVE-2024-55591 is an authentication bypass zero-day vulnerability that has been actively exploited since mid-November 2024, enabling attackers to hijack Fortinet firewalls and compromise enterprise networks. Successful exploitation grants remote attackers super-admin privileges via malicious requests to the Node.js websocket module. Discovery […]

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE


Overview: Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions. This new CVE is closely tied to the earlier Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation (CVE-2024-50379), for which an incomplete mitigation was issued on December 17, […]

Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)


A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]