lemmydev2

joined 2 years ago
 

In this post, we’ll look at how an adversary can mint authentication cookies for Next.js (next-auth/Auth.js) applications to maintain persistent access to the application as any user.

This is important because of React2Shell, a deserialization vulnerability that allows an adversary to run arbitrary code. Much has been discussed about this vulnerability, and you can read up on the original details from the finder here.


Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. [...]

 

Security pros often say that zero trust sounds straightforward until they try to apply it across real systems, real users, and real data. Many organizations are still sorting out what they own, how access works, and where authority sits. That day-to-day reality is the context for a new set of implementation documents released by the National Security Agency.

A series built for phased adoption

The NSA has published the first two documents in its Zero … More →

The post The NSA lays out the first steps for zero trust adoption appeared first on Help Net Security.

 

Cybersecurity budgets keep climbing, but many security leaders still struggle to explain what that spending delivers to the business. A new study by Expel examines that disconnect through a survey of security and finance executives at large enterprises. The research looks at how the two groups view risk, investment decisions, and their working relationship.

Shared priorities, uneven trust

Security leaders believe their priorities align with business objectives. Most say cybersecurity supports company goals and plays … More →

The post Cybersecurity spending keeps rising, so why is business impact still hard to explain? appeared first on Help Net Security.

 

Third-party cyber risk continues to concern security leaders as vendor ecosystems grow, supply chains stretch, and AI plays a larger role in business operations. A recent Panorays survey of U.S. CISOs shows rising third-party incidents and growing regulatory attention, while visibility beyond direct vendors and the resources to manage that risk continue to fall short.

[Figure: Ranking of third-party cyber risk compared to other cybersecurity risks]

Third-party risk remains a top concern

CISOs rank third-party cyber … More →

The post CISOs flag gaps in third-party risk management appeared first on Help Net Security.

 

QR codes have become a routine part of daily life, showing up on emails, posters, menus, invoices, and login screens. Security-savvy users have learned to treat links with caution, but QR codes still carry an assumption of safety. Researchers from Deakin University have examined how visually stylized QR codes are being used in quishing attacks.

[Figure: Examples of custom-shaped QR codes]

Their study introduces a detection method that evaluates QR codes based on their structure rather … More →

The post QR codes are getting colorful, fancy, and dangerous appeared first on Help Net Security.

 

Microsoft's AI assistant hallucinated a soccer match.

 

Stealthy Group Taps Blockchain 'EtherHiding' to Facilitate Victim Communications

The DeadLock ransomware group, a newly emerged digital extortion group, is using blockchain smart contracts to store proxy server addresses for facilitating ransomware negotiations with victim organizations. The technique suggests the group is made up of experienced cybercriminals.

 

Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor match real internal systems. The company also rolled out an "accelerated" lockdown of its Git server, requiring VPN access, a day after being contacted by BleepingComputer. [...]

 

How UX Decisions Are Becoming Regulatory Liabilities for CISOs

Children's data is entering a new regulatory era where dark patterns, defaults and monetization choices can signal breached fiduciary duty. As privacy, safety and consumer laws converge globally, CISOs must treat manipulative UX, consent flows and retention practices as core security and governance risks.

 

Apple has confirmed active exploitation, but full protections are limited to iPhones running iOS 26+ (yes, the one with Liquid Glass).

[–] lemmydev2@infosec.pub 1 points 2 months ago

Well, there are bots, and there are bots. But yeah 😛

[–] lemmydev2@infosec.pub 1 points 4 months ago

When I think about some brands and models autonomously using the brake, on the motorway, in a faster lane, when running in cruise control with a distance sensor and it spotting the shadow of a lorry… what can possibly go wrong with the trend of more software in cars? Funny thing is, when telling the mech, they just shrug and point to the EULA of the car. 🤷‍♀️ Software fail, the customer's problem…

[–] lemmydev2@infosec.pub 1 points 4 months ago

And on a weekend 🥳
