Several public and popular libraries, abandoned but still used in Java and Android applications, have been found susceptible to a new software supply chain attack method called MavenGate. “Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know […]
One of the world’s largest libraries has confirmed it was hit by a ransomware attack on October 28, and that it will take weeks or possibly months to fully recover. The British Library notified the public at the start of this month about a “major technology outage” due to a “cyber incident,” but went no further […]
The vulnerabilities are caused by heap buffer overflow weaknesses in open-source libraries used by the products, and they can lead to crashes or arbitrary code execution.