A high-severity SSRF vulnerability (CVE-2025-6087) has been discovered in the @opennextjs/cloudflare package, affecting versions before 1.3.0. It allows unauthenticated users to exploit the /_next/image endpoint to load arbitrary remote resources, posing phishing and internal service exposure risks. Mitigations include server-side updates and patches. Users are urged to upgrade to the patched version.
Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection
A method to silently exfiltrate Windows secrets and credentials, evading detection by most Endpoint Detection and Response (EDR) solutions. This technique allows attackers who have