Learn about CVE-2025-29927, a critical vulnerability in Next.js that impacts authorization checks in middleware.

Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution.