The Hacker News

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services ...
bitnewsbot

Pandoc CVE-2025-51591 Exploited to Target AWS IMDS Credentials

Cloud security firm Wiz reported in-the-wild exploitation attempts against a vulnerability in the Linux utility Pandoc, aiming to breach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).
The Hacker News

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks ...
GitHub

App Registration Federated Credentials Using Custom Claim Expression Causes Internal Server Error

I am attempting to filter through all of my App Registrations that have Federated Credentials configured, but am getting an Internal Server Error from the API ...
GitHub

Javascript collocation with dot separated files

In a project I have, we've been using blazor components that have dot separated names like "User.Profile.Details.razor" and javascript collocation has been difficult since a little while (.net 8-ish).