Experts Discover Multiple Malicious npm Packages | Cyware Alerts – Hacker News The world of open-source software offers countless benefits to developers worldwide. However, with opportunities also come risks. The FortiGuard Labs team recently uncovered numerous malicious packages within npm, the most extensive software registry for JavaScript. This article delves deep into these packages, unveiling […]
Oct 03, 2023THNZero Day / Vulnerability Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat […]
The vulnerabilities are caused by heap buffer overflow weaknesses in open-source libraries used by the products, and they can lead to crashes or arbitrary code execution.
Oct 03, 2023THNArtificial Intelligence / Cyber Threat Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. “These vulnerabilities […] […]
A recent phishing campaign targeting executives in senior roles has been exploiting an open redirection vulnerability in the Indeed website, cybersecurity firm Menlo Security warns. Headquartered in the US, Indeed is a popular worldwide job search platform, which claims to have more than 350 million unique visitors each month, and more than 14,000 employees globally. […]
The notorious Lorenz ransomware group has claimed Allcare Pharmacy cyber attack. The data breach was announced by the threat actor itself on their dark web forum, adding yet another victim to its growing roster. The Allcare Pharmacy cyber attack has casted a shadow over the security of confidential information entrusted to the pharmacy. Allcare Pharmacy, […]
A vulnerability affecting a widely used tool embedded in web browsers and a separate bug in a popular file transfer tool are being exploited by hackers, according to both government officials and cybersecurity experts. The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that hackers are exploiting CVE-2023-5217 — a vulnerability affecting Google’s Chrome […]
Oct 03, 2023THNSoftware Security / Hacking Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable – harbored an obfuscated JavaScript file that’s […]
Track is part of four-cut EP ‘Soft Metallics’ Magda Rot is a Chilean-born, Berlin-based producer, given her debut release here by the esteemed Return To Disorder label. If you know the label’s pedigree – they’ve brought us the likes of Galaxian and Dynarec and are run by Helena Hauff – you’ll know what to expect […]