Collaborate Disseminate
Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.
read more Continue reading Chainguard Trains Spotlight on SBOM Quality Problem
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.
read more Continue reading Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability
The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical — and already exploited — security vulnerability in the widely used CentOS Control Web Panel utility.
read more Continue reading Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List
Fortinet warns of three new malicious PyPI packages containing code designed to fetch the Wacatac trojan and information stealer as a next stage payload.
read more Continue reading PyPI Users Targeted With ‘Wacatac’ Trojan in New Supply Chain Attack
A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery, Trend Micro reports.
read more Continue reading Attackers Can Abuse GitHub Codespaces for Malware Delivery
Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.
read more Continue reading Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks
Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise.
read more Continue reading Tesla Returns as Pwn2Own Hacker Takeover Target
Red Hat announced on Tuesday the general availability of a malware detection service for Red Hat Enterprise Linux (RHEL) systems.
read more Continue reading Red Hat Announces General Availability of Malware Detection Service
Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.
read more Continue reading Investors Bet Big on Subscription-Based Security Skills Training
Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox.
read more Continue reading Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day