Hello Austin Gophers! The ATX Go Meetup is THIS WEDNESDAY (April 9th). The meetup includes lightning talks, pizza, beverages, and general discussion. Have a neat idea? A quick talk related to Go? Something to show-and-tell? Running into a weird bug? Swing on by and hope to see you there! https://www.meetup.com/atxgolang/events/305492496/
home > posts
Tired of using boring web browsers to manage your exposure with runZero? Nostalgic for the days of clean, MS-DOS terminal graphics? Ditch your modern trappings and visualize your network map using the best visualization tool of all time, ToneLoc:
Wondering how and why your vulnerability management tools are failing you? My talk
"Your Next Incident Won't Have a CVE" is now live at https://www.runzero.com/resources/your-next-incident-wont-have-a-cve/PS. runZero shipped coverage for Nutanix this week
Hoping this helps someone else. When setting up a Supermicro AS-1015A-MT 1U w/H13SAE-MF & Ryzen processor, trying to boot Debian 12 or Proxmox 8.3 media results in "Welcome to Grub" and the machine stalling, sometimes also showing "error: no such device: /.disk/info". The fix? Disconnect the display (!) or wait 30-45 minutes for the installer to show up otherwise. The IPMI KVM works fine for setup. Thanks to mirk_daniel on the Proxmox forums for the tip! https://forum.proxmox.com/threads/installation-error-grub-error-disk-info-proxmox-ve-8-3.159131/
Jacob Sandum posted a detailed and well-written PoC for the IngressNightmare (CVE-2025-1974 ) vulnerability found in the Kubernetes ingress-nginx Admission Controller by Wiz (Woogle!). If you are looking for a quick way to reproduce the issue or validate detection and mitigation, take a look:
https://github.com/sandumjacob/IngressNightmare-POCs/blob/main/CVE-2025-1974/README.mdToday, Wiz (Woogle?) released an advisory detailing an attack chain they’ve dubbed IngressNightmare, which, if left exposed and unpatched, can be exploited to achieve remote code execution by unauthenticated attackers. The advisory, covering five separate vulnerabilities, was published after a brief embargo period, once the Kubernetes folks got their patches together.
You can find a brief writeup and search queries for runZero at: https://www.runzero.com/blog/ingress-nightmare/
The researchers who found the Next.js middleware vulnerability (CVE-2025-29927) have released the full paper: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
Notable is that the auth bypass requires the x-middleware-subrequest value to be one of these two forms:
middleware:middleware:middleware:middleware:middleware OR
src/middleware:src/middleware:src/middleware:src/middleware:src/middlewareNext.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps.
Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone.
You can find links to the advisory and queries for runZero at: https://www.runzero.com/blog/next-js/
Good morning from Bootstrap`25[1] in Austin, Texas! Haroon Meer kicks us off with "Security Products Don't Have To Suck", which makes many great points, but among those that most security industry "awards" are hot garbage play-to-win trophies, run by the same marketing agencies under a dozen aliases (but often the same Google Analytics ID):
1. https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/
Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor. Great interview at
https://www.decibel.vc/articles/pat-gray-founder-of-risky-business-joins-decibel-as-founder-advisor