CVE-2025-29927 Authorization Bypass in Next.js Middleware

On Friday morning, March 21, 2025, at 9:00 a.m. UTC, a security advisory identified as CVE-2025-29927 was published. It cited a critical 9.1 severity vulnerability for mainstream Next.js applications. Next.js versions considered vulnerable: We urge all developers to upgrade and deploy the latest version of Next.js that carries a fix to avoid suffering critical authorization bypass and other middleware logic circumvention.

Overcoming AppSec Challenges in FinServ: How CIBC Balances Speed, Security, and Compliance

Financial institutions face a tricky balancing act: they need to innovate quickly while also following strict compliance rules in an environment where security is paramount. Recently, Snyk's Field CTO, Steven Schmidt, sat down with Mihai Saveschi, Senior Director of Security Service Management at CIBC, for a fireside chat to discuss these pressing issues. We’ve pulled key insights from their conversation on some of the most pressing AppSec challenges facing financial services organizations today.

Unburdening Developers From Vulnerability Fatigue with Snyk Delta Findings

Developers are trapped in a loop: constantly chasing dependency upgrades to mitigate security risks or chasing down security reports of vulnerable code or findings in the CI pipeline. Developers often refer to this as “vulnerability fatigue,” a term commonly referenced in npm package install logs that list the newly introduced security vulnerabilities for third-party dependencies.

Building a Culture of Secure Coding: Empowering Developers to Build Resilient Software

Speed and innovation rule in software development, which makes it easy to overlook one crucial aspect: security. As a Staff Solutions Engineer at Snyk, I’ve seen firsthand how a single overlooked vulnerability can spiral into a crisis, affecting businesses, customers, and trust. Secure coding isn’t just about writing better code—it’s about protecting what matters, which includes the credibility and reputation of individuals, teams, and the business.