Researchers from Trend Micro have discovered a way for bad actors to abuse a GitHub Codespaces feature to deliver malware.
A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.
Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft also issue new guidance for log4j vulnerability remediation.
GitHub has fixed two node package manager (npm) registry vulnerabilities, one of those could allow an attacker to publish new versions of an npm package without proper authorization.
Security researchers have released a new Proof of Concept (PoC) tool that demonstrates BrakTooth vulnerability exploits against Bluetooth-enabled devices.
Microsoft has issued a workaround for a serious zero-day vulnerability CVE-2021–36934 dubbed “SeriousSAM” that could allow an attacker to read any registry hives as a non-administrator.
Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.
Drupal has patched a Critical third-party library vulnerability (CVE-2020-36193) that affects multiple versions of Drupal Core.
Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.