-
Japan warns of malicious PyPi packages created by North Korean hackers
Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
- February 28, 2024
- 10:04 AM
0
-
Sponsored ContentRole of Wazuh in building a robust cybersecurity architecture
Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions.
- January 26, 2024
- 10:01 AM
0
-
Over 1,450 pfSense servers exposed to RCE attacks via bug chain
Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance.
- December 12, 2023
- 09:00 AM
- 2
-
Over 30% of Log4J apps use a vulnerable version of the library
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.
- December 10, 2023
- 10:35 AM
- 1
-
Multiple NFT collections at risk by flaw in open-source library
A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase.
- December 05, 2023
- 06:08 PM
- 0
-
Sponsored Content
Leveraging Wazuh to combat insider threats
Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.
- November 27, 2023
- 10:02 AM
- 0
-
Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
- November 22, 2023
- 11:12 AM
- 4
-
Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
- October 31, 2023
- 10:23 AM
- 0
-
Decentralized Matrix messaging network says it now has 115M users
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more.
- October 24, 2023
- 12:44 PM
- 0
-
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts.
- October 12, 2023
- 07:38 PM
- 0
-
Hundreds of malicious Python packages found stealing sensitive data
A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads.
- October 04, 2023
- 05:31 PM
- 0
-
ShellTorch flaws expose AI servers to code execution attacks
A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed servers, some of which belong to large organizations.
- October 03, 2023
- 12:37 PM
- 0
-
Yes, there's an npm package called @(-.-)/env and some others like it
Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internet's largest software registry. While not all of these may necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially break tooling.
- September 02, 2023
- 08:00 AM
- 0
-
Amazon AWS distances itself from Moq amid data collection controversy
Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer.
- August 11, 2023
- 10:04 AM
- 2
-
Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework.
- August 09, 2023
- 05:32 PM
- 1
-
Popular open source project Moq criticized for quietly collecting data
Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Moq's 4.20.0 release from this week included another project, SponsorLink, which caused an uproar among open source software consumers, who likened the move to a breach of trust.
- August 09, 2023
- 01:42 PM
- 4
-
Google to fight hackers with weekly Chrome security updates
Google has changed the Google Chrome security updates schedule from bi-weekly to weekly to address the growing patch gap problem that allows threat actors extra time to exploit published n-day and zero-day flaws.
- August 09, 2023
- 11:30 AM
- 4
-
Critical RCE found in popular Ghostscript open-source PDF library
Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw.
- July 12, 2023
- 12:46 PM
- 2
-
Sponsored Content
Streamlining security operations with automated incident response
Automated incident response solutions help reduce the mean time to respond to incidents, address known security threats, and also minimize alert fatigue. Learn more about these solutions from Wazuh, the open source XDR/SIEM platform.
- July 10, 2023
- 10:02 AM
- 0
-
Stealthy SeroXen RAT malware increasingly used to target gamers
A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities.
- May 31, 2023
- 12:56 PM
- 1
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 5.0.17.995M+ Downloads
-
Version: 4.14.12M+ Downloads
-
McAfee Consumer Products Removal tool
Version: NA442,274 Downloads -
Version: 8.4.0.056M+ Downloads
-
Version: 1.4.1.101724,974 Downloads
