Intro
Hi everyone!
I hope you had a great weekend. This edition starts with IngressNightmare — a series of vulnerabilities that may lead to unauthenticated remote code execution in Kubernetes. The linked article thoroughly presents the exploitation process and the requirements for an effective attack. If you work with Next.js, you will also be interested in the recently fixed authorization bypass vulnerability.
Taking into account the recent, widely discussed attack against the open-source “tj-actions/changed-files” GitHub Action, I recommend taking a look at “Whose code am I running in GitHub Actions?” — an article that illustrates the necessity of using immutable references to safeguard GitHub workflows.
For developers and security professionals working with the SDLC, it’s worth checking out how threat modeling is performed by Trail of Bits.
Last but not least, a pentester and content creator named PinkDraconian created a great walkthrough video presenting the exploitation process of Damn Vulnerable RESTaurant.
Enjoy the materials and stay secure!
Materials
🕵️ CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know
What do you need to know about the recently discovered Next.js CVE-2025-29927 vulnerability? This article provides an in-depth technical analysis of the authorization bypass flaw, its affected versions, an exploitation example and recommended mitigations. Best for web developers and security professionals working with Next.js.
🕵️ IngressNightmare: CVE-2025-1974 – 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
This article discusses “IngressNightmare” – a series of severe unauthenticated remote code execution vulnerabilities that could lead to the compromise of many cloud environments. Aimed at DevOps, Kubernetes specialists and security teams, it offers insights into the vulnerabilities, their implications and recommended mitigations.
👨‍🍳 Damn Vulnerable RESTaurant – Walkthrough Video
You may already know the Damn Vulnerable RESTaurant project, a training playground for security enthusiasts who want to learn API security. Now, a pentester and content creator named PinkDraconian has created a great walkthrough video presenting the exploitation process of the app. It took him ~20 minutes to obtain root starting from an unauthenticated perspective. If you haven’t played with it yet, I highly recommend taking a look at the video. It presents the shortest exploitation path, but you can find many more vulns and other exploitation paths there. Have fun!
📃 Whose code am I running in GitHub Actions?
The article presents a recent security incident involving malicious code in a popular GitHub Action, highlighting the importance of using immutable references, especially for third-party Actions. It provides a shell script for checking the GitHub Actions used in your workflows. Suggested for developers, DevOps and AppSec specialists.
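As an added illustration of the point about immutable references (this is example code written for this newsletter, not the shell script from the linked article), the snippet below scans the `uses:` lines of a workflow file and reports every third-party Action referenced by a tag or branch instead of a full commit SHA. The sample workflow, the `some-org/some-action` name and the 40-hex SHA are constructed values.

```python
"""Flag GitHub Actions references that are not pinned to a full commit SHA.
Added example: a tag such as @v45 or a branch such as @main can be moved by
the Action's maintainer (or an attacker who compromises it); a 40-hex SHA cannot.
"""
import re

# Matches "uses: owner/repo[/path]@ref", with or without quotes around the value.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)["\']?', re.MULTILINE)
SHA_RE = re.compile(r'^[0-9a-f]{40}$')

def classify_ref(uses_value):
    """Return 'local', 'docker', 'pinned' or 'mutable' for one uses: value."""
    if uses_value.startswith('./'):
        return 'local'       # action in the same repository; no external pin to check
    if uses_value.startswith('docker://'):
        return 'docker'      # container images need digest pinning; out of scope here
    if '@' not in uses_value:
        return 'mutable'     # no ref at all resolves to the default branch
    ref = uses_value.rsplit('@', 1)[1]
    return 'pinned' if SHA_RE.match(ref) else 'mutable'

def find_unpinned_actions(workflow_text):
    """Return (action, ref) pairs for every mutable third-party reference."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        value = match.group(1)
        if classify_ref(value) == 'mutable':
            action, _, ref = value.partition('@')
            findings.append((action, ref or '<default branch>'))
    return findings

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v45
      - uses: "some-org/some-action@main"
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

if __name__ == '__main__':
    for action, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"mutable reference: {action}@{ref}")
```

Run it over each file under `.github/workflows/` in CI to fail the build when a mutable reference appears; a pinned SHA still has to be refreshed deliberately when you want a newer version of the Action.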
📃 Threat modeling the TRAIL of Bits way
Curious about how other companies perform threat modelling to improve application security? The Trail of Bits blog introduces the TRAIL threat modeling process, which combines established methodologies to document system risks and design vulnerabilities. This article is valuable for security professionals and developers looking to implement threat modelling effectively throughout the software development lifecycle.
📃 A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple
How can open source maintainers effectively handle vulnerability reports? This article guides maintainers through a structured approach to vulnerability disclosure, presenting tools like GitHub’s Private Vulnerability Reporting and draft security advisories. Intended for developers involved in open source projects who want to enhance their security practices.
🕵️ GitHub CodeQL Actions Critical Supply Chain Vulnerability (CodeQLEAKED)
What risks does a minor exposed secret pose in CI/CD processes? This article explores a potential supply chain vulnerability associated with GitHub’s CodeQL due to mistakenly exposed tokens. Targeted at security professionals and DevOps teams, it reveals the implications of token misuse on GitHub Actions workflows and how such vulnerabilities could be exploited.
⚠️ Fake “Security Alert” issues on GitHub use OAuth app to hijack accounts
Are you aware of the recent phishing attacks targeting GitHub repositories? This article presents a widespread campaign that tricked developers into granting malicious OAuth apps access to their accounts. It describes the attack, how to identify it and how to revoke such access. If you or your colleagues use GitHub actively, it is definitely worth a read.