Critical UUID Flaw in Fiber v2 on Go 1.24+ Enables Session Hijacking and CSRF Bypass
In a major wake-up call for Go developers, security researcher ReneWerner87 disclosed GHSA-68rr-p4fp-j59v four days ago, exposing a critical vulnerability in the popular Fiber v2 web framework. Tracked as CVE-2025-66630, the flaw stems from Fiber v2’s internal gofiber/utils module, where the UUIDv4() and UUID() functions generate predictable or all-zero UUIDs (like 00000000-0000-0000-0000-000000000000) when Go’s crypto/rand fails to […]

The post Critical UUID Flaw in Fiber v2 on Go 1.24+ Enables Session Hijacking and CSRF Bypass appeared first on Cyber Security News.