Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on…
Category: vulnerability disclosure
House passes bill requiring federal contractors to have vulnerability disclosure policies
A bill that would close a loophole in federal cybersecurity standards by requiring government contractors to abide by vulnerability disclosure policies moved one step closer to law Monday after sailing through the House. The passage of the Federal Contractor Cybersecurity Vulnerability Reduction Act in the House came a month after Reps. Nancy Mace, R-S.C., and…
Bill requiring federal contractors to have vulnerability disclosure policies gets House redo
Bipartisan legislation to close a loophole in federal cybersecurity standards by requiring vulnerability disclosure policies for government contractors is getting another shot at passage in this Congress. The Federal Contractor Cybersecurity Vulnerability Reduction Act, a bicameral, bipartisan bill that stalled out last year in the Senate, was reintroduced Friday in the House by Reps. Nancy…