Python packages with malicious code expose secret AWS credentials
Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network …
A few months ago, we released our 12th annual State of Software Security (SOSS) Report. In our announcement blog, we noted new application …
The latest innovations in the automotive sector have triggered a massive digital transformation in how vehicles are built. A modern …
Google’s Chrome team is looking at heap scanning to reduce memory-related security flaws in Chrome’s C++ codebase, but the technique …
Two trojanized Python and PHP packages have been uncovered in what’s yet another instance of a software supply chain attack targeting the …
This Tech Tip reminds developers and security teams to check what version of Java they are running. Whether they are vulnerable to the …
Java versions 15 to 18 contain a flaw in their ECDSA signature validation that makes it trivial for miscreants to digitally sign files and …
Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of …
If you’ve ever written technical documentation to use online, you probably started out by creating it directly in HTML (hypertext markup …
Log4Shell brought a lot of misery, the newly discovered SpringShell vulnerability, not to be confused with the totally different Spring …
The sector most heavily impacted by the Spring4Shell Java flaw is technology, according to security firm Check Point. Spring4Shell is a bug …
PEAR PHP repository has been found to contain a 15-year-old security vulnerability that could provide an attacker with the ability to carry …
Another Java Remote Code Execution vulnerability has reared its head, this time in the popular Spring Framework and, goodness, it’s a nasty …
Spring4Shell – seems to only be exploitable in certain configurations. What we know about Spring4Shell so far First and …