Intel reports leak of Alder Lake BIOS source code
Chipmaker Intel has confirmed a leak of its Alder Lake BIOS source code, as revealed on 4chan and GitHub. However, the hacker’s origin (or root cause) remains unknown.
Source Code
PHP user database leak allegedly led to PHP source code compromise
PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.
Microsoft open sources CodeQL queries to scan for Solarwinds-like Solorigate activity
Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.
Git tool patches serious vulnerabilities
repository hosting services GitHub, GitLab and Microsoft VSTS were all impacted by a serious vulnerability that could lead to arbitrary code execution when a developer uses a malicious repository, Threatpost reports. Each of the hosting services patched the bug on Tuesday.
GitHub scans and finds 4M vulnerabilities
GitHub ran a security scan to find old vulnerabilities in JavaScript and Ruby libraries in over a half million public repositories. The scan results turned up over four million vulnerabilities and sent alerts to developers to patch the bugs. GitHub is leading software development platform used to host, review and manage software source code, used by millions of developers.
Apple’s iPhone ‘iBoot’ source code leak
Someone has posted to GitHub the purported source code for a critical component for iPhone’s bootloader or “iBoot.” Access to iBoot code could allow hackers to find vulnerabilities in iOS that could be exploited in the future. iBoot is responsible for ensuring the trusted boot of the mobile operating system, in a sense like iPhone’s BIOS.