1. RCE via Umami Dependency (Next.js CVE-2025-66478) Leads to Root Server Compromise
A critical vulnerability in Next.js (CVE-2025-66478) has been confirmed to have led to a root-level compromise on a server running the Umami analytics application. The report validates the exploit vector through Umami's use of the vulnerable Next.js version and details the attacker's post-exploitation activity for comm...