Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda

The Hacker News
Open in Source
#nodejs#git#java#aws#ruby#docker#The Hacker News
THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's jump in before we get FOMO. ⚡ Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet

Peel Shopping 2.x Cross Site Scripting / SQL Injection

Peel Shopping versions 2.x and below 3.1 suffer from cross site scripting and remote SQL injection vulnerabilities. This was already noted discovery in 2012 by Cyber-Crystal but this data provides more details.

Teraleak: Pokémon Developer Game Freak Hacked; Decades of Data Leaked

Game Freak’s “Teraleak” appears to expose nearly 1 terabyte of sensitive Pokémon data, including source code, cancelled games,…

Pig Butchering Scams Are Going High Tech

Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing.

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own

AI Hype Drives Demand For ML SecOps Skills

Companies are putting "AI" in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skills.

GHSA-8rm2-93mq-jqhc: Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.

### Impact A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. ### Patches Please use version 4.0.0 or later `github.com/codeclysm/extract/v4`. Any previous version is affected by the bug. ### Workarounds No knows workarounds. ### Backward compatibility notes about upgrading to `/v4` from `/v3` If you're not using the `extract.Extractor.FS` interface, you will not face any breaking changes and upgrading should be as simple as changing the import to `/v4`. This should be the case for most of the userbase. If you're using the `Extractor.FS` interface, then upgrading to `/v4` will require to implement the new methods that have been added: ```go type FS interface { Link(string, string) error MkdirAll(string, os.FileMode) error OpenFile(name string, flag int, perm os.FileMode) (*os.File, error) Symlink(string, string) error // The following methods have been added in the /v4 interface: Remove(path s...