CVE-2025-1293 - How Weak JWT Validation in Hermes (<=.4.) Let Attackers Slip Past AWS ALB Authentication
In the world of cloud-native services, security issues can quickly ripple out and create huge risks for organizations. One such issue was discovered in Hermes—
CVE-2025-24989 - Power Pages Improper Access Control Flaw Explained, With Exploit Details
In early 2025, security researchers found an improper access control vulnerability in Microsoft's Power Pages platform, tracked as CVE-2025-24989. This issue allowed unauthorized
CVE-2025-21355 - How Missing Authentication in Microsoft Bing Puts Your Network at Risk
In June 2025, security researchers discovered a severe vulnerability in Microsoft Bing, tracked as CVE-2025-21355. This issue centers around missing authentication in a critical
CVE-2025-25196 - Authorization Bypass in OpenFGA (<v1.8.4) Exposes Protected Resources
Exclusive Long Read | June 2024
OpenFGA is increasingly popular among developers for permission and authorization solutions. Inspired by Google Zanzibar, it offers flexible, granular
CVE-2025-0624 - Grub2 Network Boot Out-of-Bounds Write Can Lead to Remote Code Execution
In 2025, a serious vulnerability was discovered in GRUB2, the widely used boot loader for Linux systems. CVE-2025-0624 exposes systems to remote code execution during network