Since September 2021, up to 85 command-and-control (C2) servers have been identified as being used by the ShadowPad malware. Along with infrastructure being founded…
22-Year-Old Vulnerability Reported in SQLite Database Library
The SQLite database library has a high-severity vulnerability that was introduced as part of a code update that dates all the way back to…
The NPM Registry API may be subject to a new timing attack that exposes private packages.
Developers may be exposed to supply chain risks as a result of novel timing attacks uncovered against the registry API of the npm package…
An unauthorized WhatsApp Android app was discovered taking over user accounts.
YoWhatsApp, an unauthorized WhatsApp Android app, has a new version that has been discovered to steal account access keys from users. YoWhatsApp is a…
Widespread website hijack danger is caused by hidden DNS resolver vulnerabilities
WordPress installations at risk from a cache poisoning attack due to faked password resets. Security researchers caution that hidden DNS resolvers can be used…
A serious flaw in open source WebPageTest is still not patched.
After a talk, a blog post, and public publication, the RCE exploit is still open for discussion. The maintainers of the WebPageTest project seem…
The Spring Cloud-enabled Nepxion Discovery software does not fix RCE and information leak issues.
Chinese project maintainer appears to have closed the public issue without offering a patch. Nepxion Discovery Software, an open-source project that offers functionality for…
A new 0-day RCE vulnerability on Microsoft Exchange Server was used in a new attack campaign.
While providing security monitoring and incident response services around the beginning of August 2022, the GTSC SOC team learned that a vital infrastructure was…
Java template framework Pebble vulnerable to command injection
The problem still has to be fixed, although there are solutions available. Pebble, a Java templating engine, had a weakness that might let attackers…
350k open-source repositories still include the 2007 tarfile path traversal problem.
A warning was chosen in preference to a patch and added to the Python documentation. Security experts estimate that a 15-year-old path traversal vulnerability in…