One Year After Log4Shell, Most Firms Are Still Exposed to Attack
The Log4j vulnerability continues to present a major threat to enterprise organizations one year after the Apache Software Foundation disclosed it last November — even though the number of...
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious...
LastPass Discloses Second Breach in Three Months
An attacker who breached the software development environment at LastPass this August and stole source code and other proprietary data from the company appears to have struck the password...
CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall
AUSTIN, Texas, Dec. 1, 2022 /PRNewswire/ — CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has completed an independent test of eight market leading security...
IBM Cloud Supply Chain Vulnerability Showcases New Threat Class
A vulnerability in IBM Cloud databases for PostgreSQL could have allowed attackers to launch a supply chain attack on cloud customers by breaching internal IBM Cloud services and disrupting...
Google TAG Warns on Emerging Heliconia Exploit Framework for RCE
Google's Threat Analysis Group (TAG) has discovered a cyberattack framework dubbed Heliconia, built to exploit zero-day and n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender. It likely has connections...
CyberRatings.org Revives NSS Labs Research
AUSTIN, Texas, Nov. 29, 2022 /PRNewswire/ — CyberRatings.org, the nonprofit entity dedicated to providing transparency on cybersecurity product efficacy, has launched the NSS Labs archive, a library of over 800 test reports,...
Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE
A critical remote code-execution (RCE) bug in an open source Java virtual machine (JVM) framework threatens enterprise environments by giving attackers an easy way to compromise development teams —...
New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days
Gray-market exploit brokers are alive and kicking, with the latest sign of this flourishing market coming in the form of a bidding war for Signal messaging app zero-days from...
Serum exchange rendered ‘defunct’ following the collapse of Alameda and FTX
Solana-based decentralized exchange (DEX) Project Serum has notified its community that the collapse of its backers — Alameda and FTX — has rendered it “defunct”. The team behind the...