Third-Party Security

Drupal patches Moderately Critical Guzzle third-party library vulnerabilities (CVE-2022-31042 and CVE-2022-31043)

Drupal has patched two Moderately Critical vulnerabilities in the Guzzle third-party library (CVE-2022-31042 and CVE-2022-31043) that affect multiple versions of Drupal Core.


Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update)

Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in the Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft have issued new guidance for Log4j vulnerability remediation.


Embedded malware discovered in NPM package ua-parser-js

Embedded malware has been discovered in the NPM package ua-parser-js, a popular JavaScript library designed to detect browser, engine, OS, CPU, and device type/model from User-Agent data.


Nobelium targets CSPs, MSPs and IT organizations to launch broader attacks

Microsoft has released a new report on Nobelium, which has been targeting cloud service providers (CSPs), managed service providers (MSPs) and other IT organizations in order to launch broader attacks against the customers they serve.


Drupal patches Critical third-party library vulnerability (CVE-2021-32610)

Drupal has patched a Critical third-party library vulnerability that affects multiple versions of Drupal Core. A remote attacker could exploit this vulnerability to compromise an affected system.


Attackers could have taken over an Atlassian account via one-click exploit

Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.


SDK supply chain vulnerability exposes security cameras to hacking

A vulnerability in ThroughTek’s Kalay Platform software development kit (SDK) has exposed many security cameras used by original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.
