In the past decade, the cloud revolution evolved into a major movement – one that introduced a new and complex attack surface. Attackers are increasingly targeting public cloud environments, leveraging misconfigurations and native cloud features to gain initial access, establish persistence, and achieve their malicious objectives. In this article, we dive into attack vectors in […]

Two new critical vulnerabilities, CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), were publicly disclosed today, impacting React and Next.js applications. These issues allow unauthenticated remote code execution under default framework configurations, requiring no special setup or developer mistakes. Testing confirms that even newly generated Next.js applications created with create-next-app and built for production are immediately vulnerable without […]