Vulnerabilities
Devs flood npm with 15,000 packages to reward themselves with Tea ‘tokens’
We have repeatedly come across cases involving open source registries like npm and PyPI being flooded with thousands of packages in a short span of time. Typically, such surges in publishing activity ...
How did CVE-2024-27198 Lead to Critical Vulnerability in JetBrains?
CVE-2024-27198 Lead to Server Takeover Vulnerabilities The post How did CVE-2024-27198 Lead to Critical Vulnerability in JetBrains? appeared first on Kratikal Blogs ...
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern
In late 2023, a few members of the Apache Logging Services project – known for providing the famous Log4j logging framework – received funding from the Sovereign Tech Fund (STF) to enhance ...
Security Vulnerability in Saflok’s RFID-Based Keycard Locks
It’s pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security ...
How Malware Facilitates Online Financial Fraud and Threatens Corporate Security
Malware stands as a formidable tool in the arsenal of cybercriminals, facilitating online financial fraud with alarming efficiency and sophistication. This malicious software, designed to damage or disable computers, now targets the ...
ChatGPT Plugin Security Vulnerabilities Exploited By Hackers
In the realm of cybersecurity, constant vigilance is paramount as threat actors perpetually seek novel ways to exploit vulnerabilities. Recent research has shed light on a concerning trend: the potential misuse of ...
VulnCheck’s Free Community KEV & CVE APIs (Code & Golang CLI Utility)
VulnCheck has some new, free API endpoints for the cybersecurity community. Two extremely useful ones are for their extended version of CISA’s KEV, and an in-situ replacement for NVD’s sad excuse for ...
Unsafelok Threat Highlights It’s About Both IoT Devices and Applications
IoT devices and applications exist all over the place, and in high volume. Today’s news brought yet another example of how the scale of IoT systems leads to the conclusion that their ...
How Real-Time Personal Cybersecurity Incident Response Mitigates Lateral Attacks for Corporate Executives
The cybersecurity landscape is more volatile and complex than ever before. Corporate executives, often targeted due to their high-profile positions and access to sensitive information, find themselves at the forefront of cyber ...
NVD overload: Unveiling a hidden crisis in vulnerability management
In a Linkedin Live session yesterday, Ilkka Turunen, Field CTO of Sonatype, and Brian Fox, co-founder and CTO, discussed an ongoing critical yet underreported issue in the National Vulnerability Database (NVD) ...