The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
U.S. Government Issues Warning Over Commercial Surveillance Tools
The U.S. State Department and the National Counterintelligence and Security Center (NCSC) on Friday issued a warning over the use of commercial surveillance tools.
Abcbot DDoS Botnet Linked to Older Cryptojacking Campaign
The relatively recent Abcbot botnet appears to be operated by the same cybercriminals that launched a Xanthe-based cryptojacking campaign first detailed a couple of years ago, Cado Security says.
SecurityWeek Cyber Insights 2022: Ransomware
SonicWall Patches Y2K22 Bug in Email Security, Firewall Products
Cybersecurity firm SonicWall says it has released patches for some of its email security and firewall products to address a bug that resulted in failed junk box and message log updates.
WordPress 5.8.3 Patches Several Injection Vulnerabilities
WordPress 5.8.3, a security release that became available last week, patches four injection-related vulnerabilities.
Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC).
Indian Cyberspies Expose Their Operation After Infecting Themselves With RAT
The India-linked threat actor tracked as Patchwork was observed employing a new variant of the BADNEWS backdoor in a recent campaign, but the hackers also infected one of their own computers, giving researchers a glimpse into their operations.
QNAP Urges Users to Secure NAS Devices as Attacks Surge
Taiwan-based QNAP Systems on Friday warned users of an increase in attacks targeting network-attached storage (NAS) appliances, urging them to secure their devices as soon as possible.
Zloader Banking Malware Exploits Microsoft Signature Verification
The aggressive Zloader banking malware campaign is exploiting Microsoft’s digital signature verification method to inject code into a signed system DLL, according to researchers at Check Point.
VMware Plugs Security Holes in Workstation, Fusion and ESXi
VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks.