Application Security

Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update)

Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in the Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft have issued new guidance for Log4j vulnerability remediation.

Embedded malware discovered in NPM package ua-parser-js

Embedded malware has been discovered in the NPM package ua-parser-js, a popular JavaScript library designed to detect browser, engine, OS, CPU, and device type/model from User-Agent data.

Malicious PyPI software packages found stealing payment card numbers and injecting code

Security researchers have discovered malicious software packages in PyPI, Python’s official third-party software package repository, that steal payment card numbers and inject code.

Attackers could have taken over an Atlassian account via one-click exploit

Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.

Microsoft open sources CodeQL queries to scan for SolarWinds-like Solorigate activity

Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.

Drupal fixes Critical XSS bug and 4 other vulnerabilities

Drupal has released security updates that fix a Critical XSS bug and 4 other vulnerabilities in multiple versions of Drupal. A remote attacker could exploit these vulnerabilities to compromise an affected system.
