Security researchers have discovered malicious software packages from Python's official third party software package repository PyPl stealing payment card numbers and injecting code.
Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.
PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.
Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.
Drupal has patched a Critical third-party library vulnerability (CVE-2020-36193) that affects multiple versions of Drupal Core.
Drupal has released security updates that fix a Critical XSS bug and 4 other vulnerabilities in multiple versions of Drupal. A remote attacker could exploit these vulnerabilities to compromise an affected system.
Developers have updated the WordPress plugin File Manager to fix a critical vulnerability that could have allowed hackers to gain complete access to nearly 700 thousand WordPress websites.
The Homeland Security Systems Engineering and Development Institute (HSSEDI), has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.
Jenkins, a popular open source automation server software, has patched a Critical buffer corruption vulnerability CVE-2019-17638 in bundled Jetty.
Magento has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition).