Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains
More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. [...]
Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.…
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change
A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances
Healthcare Sector Heavily Relies on Open-Source Web Server; Older Flaws Pose RiskFederal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild
A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances
You upgraded when this was fixed in April, right? Right?? If you haven't yet upgraded to version 1.3.0 of Apache HugeGraph, now's a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in the open-source graph database have been made public.…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. [...]
Researcher discovers vulnerabilities in the open source Web application, which were fixed in the latest Apache OpenMeeting update.
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution
Here’s how Wiz can help Sponsored Feature When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell – a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games.…