Vulnerabilities | News, how-tos, features, reviews, and videos
The scope of an old PDF parsing flaw has been widened to include more Tika modules.
Hole in the TAR library and its forks could lead to remote code execution.
The incident highlights rising AI risks as malicious actors exploit powerful tools amid weak safeguards and oversight.
The tool, created by university researchers, is designed to find and automatically create a patch for vulnerabilities in large repositories like GitHub, but it isn’t perfect yet.
Attackers exploit exposed Nomad, Docker, and Gitea instances to deploy XMRig miners within minutes, draining cloud resources and evading detection.
Successful exploitation could allow attackers to steal data, install malware, or take full control over affected big data systems.
The vulnerabilities, dubbed IngressNightmare, can allow unauthenticated users to inject malicious NGINX configurations and execute malicious code in the Ingress NGINX pod, potentially exposing all cluster secrets and leading to cluster takeover.
Install the latest version to close critical authorization bypass vulnerability.
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.
Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control.
Threat actors could use these supply chain attacks to compromise applications, says Checkmarx.
Sun fixed the Java flaw in December, but Apple hasn't shipped the update.