packages
-
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited,…
Read More » -
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency…
Read More » -
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token…
Read More » -
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a…
Read More » -
Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution…
Read More » -
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped…
Read More » -
North Korean Hackers Targets Job Seekers with Fake FreeConference App
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part…
Read More » -
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in…
Read More »