Niklas Heringer (Page 1)

insecure-deserialization

A 10/10: CVE-2025-55182 haunting React and Next.js

React2Shell seems to be the Log4Shell of the JavaScript world. We break down the unsafe deserialization in React's Flight protocol, why APT groups like Earth Lamia tried to exploit it instantly, and why your audit checklist needs to check for architectural integrity. Patch immediately!

06 Dec

owasp

Some Welcome Changes: Dissecting the OWASP Top 10 2025

See the complete breakdown of the new OWASP Top 10 list. Why Supply Chain (A03) and Misconfiguration (A02) displaced Injection, and how the new A10 (Exceptional Conditions) category defines modern AppSec risks in Cloud and AI environments. See the Migration Cheat Sheet for Builders and Pentesters.

03 Dec