A new online service allows security researchers to search for exposed shortened URLs, known for their risks to security and privacy. Shortened URLs are comparatively easy to brute-force,...
Google has teamed up with the Linux community on a new project that aims to make open source software more secure through easy code signing and...
Last night, GitHub automatically logged out many users by invalidating their GitHub.com sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior...
Maintainers of the NPM Registry and Python Package Index (PyPI) have removed thousands of rogue packages smuggled into the repositories via the novel ‘dependency confusion’ technique....
ModSecurity 3 web application firewall (WAF) installations configured to disable Request Body Access can be bypassed, security researchers warn. The purported issue in ModSecurity rule sets is...
Vulnerabilities in the Smarty PHP template engine could be exploited to achieve remote code execution (RCE) in third-party applications, a security researcher has warned. Two separate sandbox...
UPDATED A Go package that relays system information to a Chinese IP address was one of several suspicious repositories uncovered during an investigation into typosquatting in the...
The maintainers of systeminformation, a popular Node.js package, have patched a bug that left applications vulnerable to command injection attacks. Systeminformation provides dozens of functions for retrieving...
Centris, a new tool developed by a global team of researchers from Korea University and the Georgia Institute of Technology, is designed to make the reuse...
UPDATED SQLite has issued a security patch after the discovery of a use-after-free bug that, if triggered, could lead to arbitrary code execution or denial of service (DoS). The...