Securing Open Source
Three Nation-State Campaigns Targeting Healthcare, Banking Discovered
Researchers have identified three distinct nation-state campaigns leveraging advanced highly evasive and adaptive threat (HEAT) tactics ...
WordPress Plugin Supply Chain Attack Gets Worse
30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...
Google Hates Ad Blockers: Manifest V3 Push Starts Today
We warned you. As of June 3, Google is following through on its threat to kill ad blockers. Privacy-focused Chrome extensions are living on borrowed time; developers must upgrade to the less ...
Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution
Another day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer ...
GitHub Issues Patch for Critical Exploit in Enterprise Server
The vulnerability affects all GHES versions prior to 3.13.0 and achieves the highest possible CVSS score of 10. Instances with SAML SSO authentication are at risk ...
North Korea IT Worker Scam Brings Malware and Funds Nukes
WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans ...
VFCFinder Highlights Security Patches in Open Source Software
VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes ...
Dell Hell Redux — More Personal Info Stolen by ‘Menelik’
Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense ...
GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...
Brits Ban Bad Passwords — and Other IoT Stupid Stuff
Nice Cup of IoTea? The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear ...
