Microsoft has recently discovered social engineering activities by an actor it tracks as ZINC that weaponized legitimate open-source software. In the US, UK, India,…
open source software
Google Scorecards Tool Scans Open-Source Software for Security Risks
Google has released an updated version of Scorecards, its automated security tool that creates a “risk score” for open source projects, with…
TELUS is investigating a leak of stolen source code, employee data
A threat actor has posted images that disclosed TELUS’s payroll details and source code repositories. TELUS is the 2nd most prominent company…
Hackers penetrate gaming companies using the new IceBreaker software.
Researchers have named the backdoor IceBreaker because it appears to be used by hackers to attack online gaming and gambling businesses. The…
Microsoft was sued for open-source theft via GitHub Copilot.
Programmer and attorney Matthew Butterick has filed lawsuits against Microsoft, GitHub, and OpenAI. He argued that GitHub Copilot infringes on programmers’ rights and breaches…
Checkmk IT Infrastructure Monitoring Software Has Vulnerabilities
The Checkmk IT Infrastructure monitoring software has vulnerabilities that have been publicly revealed and could be exploited by a remote, unauthenticated attacker to completely…
New OpenSSL Critical Vulnerability
On October 25, 2022, the OpenSSL project announced that OpenSSL (v3.0.7) would be released to fix a serious security flaw. On Tuesday, November 1,…
A serious flaw in open source WebPageTest is still not patched.
After a talk, a blog post, and public disclosure, the RCE exploit is still open for discussion. The maintainers of the WebPageTest project seem…
The Spring Cloud-enabled Nepxion Discovery software does not fix RCE and information leak issues.
Chinese project maintainer appears to have closed the public issue without offering a patch. Nepxion Discovery Software, an open-source project that offers functionality for…
350k open-source repositories still include the 2007 tarfile path traversal problem.
A warning was chosen in preference to a patch and added to the Python documentation. Security experts estimate that a 15-year-old path traversal vulnerability in…