Researchers from AntGroup FG Security Lab have discovered a critical security vulnerability allowing an attacker to remotely execute code within a Grails application runtime. Grails is...
INTERVIEW The security of the software supply chain has rocketed up the infosec agenda since The Daily Swig last spoke to Brian Fox, co-founder and CTO at DevSecOps vendor...
Malicious actors could take over an administrator account in Grafana due to a vulnerability in its OAuth login function, researchers have warned. The security flaw, tracked as CVE-2022-31107, could...
The Python Package Index (PyPI) is rolling out two-factor authentication (2FA) for “critical projects” in the form of physical security keys. Mindful of the growing threat to software supply...
Node.js maintainers have released multiple fixes for vulnerabilities in the JavaScript runtime environment that could lead to arbitrary code execution and HTTP request smuggling, among other...
A high-severity vulnerability in OpenSSL could allow a malicious actor to achieve remote code execution (RCE) on server-side devices. OpenSSL is a widely used cryptography...
Here’s our latest round-up of hacking tools available to pen testers, enterprise security specialists, and other infosec professionals at the start of the third quarter of...
Security teams have a new tool to hunt for malware, using open source YARA rules. YARAify can scan files using public YARA rules, integrate public and non-public...
RubyGems has become the latest code repository to require multi-factor authentication (MFA) for some of its largest publishers. The package manager has started alerting the maintainers of...
The developer of the Formidable project has fought against the allocation of a CVE vulnerability entry by Mitre Corporation. Formidable is a popular parser, available on GitHub,...