North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actua...

PT-2022-23140 · Next.Js +1 · Next.Js +1

Name of the Vulnerable Software and Affected Versions: Next.js version 12.2.3 Description: The issue affects Next.js when used with Node.js version above v15.0.0 and strict unhandledRejection exiting, and when using next start or a custom server. Specific requests to the Next.js server can cause ...

GHSA-9GR3-7897-PP7M XSS in Image Optimization API for Next.js

Impact - Affected: All of the following must be true to be affected - Next.js between version 10.0.0 and 11.1.0 - The next.config.js file has images.domains array assigned - The image host assigned in images.domains allows user-provided SVG - Not affected: The next.config.js file has images.loade...