The development framework Next.js has remediated a critical security vulnerability, designated as CVE-2026-44578, which afflicts applications deployed on self-hosted infrastructure utilizing the embedded Node.js server runtime. The flaw manifests as a Server-Side Request Forgery...
The month of April concluded for the American firm Vercel with a distressing incident that precipitously transcended the boundaries of a mere internal complication. Adversaries secured unauthorized ingress into a segment of the company’s...
Researchers have documented the inaugural instance of a deleterious Microsoft Outlook extension proliferating through the official Office Add-in Store. The focal point of this incursion is AgreeTo, a legacy scheduling utility. While the original...
Adversaries have intensified their offensives against Facebook users by deploying one of the most inconspicuous and treacherous phishing methodologies of recent years. Cybersecurity specialists at Trellix have observed a surge in campaigns utilizing “Browser-in-the-Browser”...
The long-running React2Shell saga—which has continued to disrupt many web projects—has taken another turn: it has emerged that the original fix was incomplete. A deeper review uncovered two additional vulnerabilities in the React Server...
