# AppSec Newsletter 0041

### Links

* [CVE-2025-29927: Next.js Middleware Authorization Bypass - Technical Analysis | Project Discovery](https://projectdiscovery.io/blog/nextjs-middleware-authorization-bypass)
    
* [GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21) | PaloAlto](https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/)
    
* [From Pandora's Box to Nuclear Fishing: Escalating Threats in Build Pipelines Security | BoostSecurity](https://boostsecurity-io.cdn.ampproject.org/c/s/boostsecurity.io/blog/pandoras-box-to-nuclear-fishing-escalating-threats-in-build-pipeline-security?hs_amp=true)
    
* [TM-Bench - A Benchmark for LLM-Based Threat Modeling](https://www.tmbench.com/)
    
* [Vulnerability Exploitation in the Wild - A look at the inaugural study of EPSS Data and Performance | Resilient Cyber](https://www.resilientcyber.io/p/vulnerability-exploitation-in-the)
    
* [Securing AI/LLMs in 2025: A Practical Guide To Securing & Deploying AI](https://softwareanalyst.substack.com/p/securing-aillms-in-2025-a-practical)
    
* [Github Well Architected - Best Practices for Designing, Implementing, and Optimizing Your GitHub Environment](https://wellarchitected.github.com/)
    

### **Follow Guia de AppSec on social media!**

* YouTube: [**youtube.com/@GuiadeAppSec**](http://youtube.com/@GuiadeAppSec)
    
* Twitter / X: [**twitter.com/guiadeappsec**](http://twitter.com/guiadeappsec)
    
* Site: [**guiadeappsec.com.br**](http://guiadeappsec.com.br/)
