Podcast Detail

SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9376.mp3

Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse

00:00

Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Apr 13th - Apr 18th 2025
Application Security: Securing Web Apps, APIs, and Microservices	San Diego	May 5th - May 10th 2025

Critical Next.js Vulnerability CVE-2025-29927
A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications.
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
https://www.runzero.com/blog/next-js/

Microsoft Trust Signing Service Abused
Attackers abut the Microsoft Trust Signing Service, a service meant to help developers create signed software, to obtain short lived signatures for malware.
https://www.bleepingcomputer.com/news/security/microsoft-trust-signing-service-abused-to-code-sign-malware/

iTunes

MP3 Download

RSS Feed

Google

Podbean

Amazon Echo

YouTube

Spreaker

Spotify

Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Apr 13th - Apr 18th 2025
Application Security: Securing Web Apps, APIs, and Microservices	San Diego	May 5th - May 10th 2025
Network Monitoring and Threat Detection In-Depth	Baltimore	Jun 2nd - Jun 7th 2025
Application Security: Securing Web Apps, APIs, and Microservices	Washington	Jul 14th - Jul 19th 2025

no transcript found