Tag : Vulnerabilities

image_pdfimage_print

A systemic class of exploitable CI/CD vulnerabilities in the open source software supply chain exposes millions of repositories to takeover, cybersecurity firm Novee warns. Referred to as Cordyceps, the security defects allow unauthenticated attackers to hijack developer workflows and gain full control over affected repositories. Agentic coding, Novee says, has resulted in insecure patterns being ..

Leggi tutto

Threat actors are exploiting a medium-severity vulnerability in the Gravity SMTP WordPress plugin to steal complete system details, Defiant warns. Gravity SMTP for WordPress is an email deliverability plugin that integrates with multiple SMTP providers and API-based services to allow admins to send and track emails directly from their websites. All plugin iterations before version ..

Leggi tutto

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of ..

Leggi tutto

Well hey y’all. I just got hooked up with this space to somewhat-routinely write about vulnerabilities, cybersecurity, and infosec history. I’m currently at runZero, where I’m the vice president of security research, which basically means that I spend most of my time hanging around with some incredibly bright and devoted people who are also cunning ..

Leggi tutto

Atlassian and Splunk on Wednesday announced patches for multiple vulnerabilities in their products, including critical-severity flaws. Splunk resolved a critical issue in AI Toolkit that could allow authenticated attackers with admin roles to execute arbitrary OS commands on the host the Splunk Enterprise instance runs on. “The vulnerability is possible because of an unsafe shell ..

Leggi tutto

Including npm packages in software development projects saves time but can introduce unseen but known vulnerabilities. CVE Lite CLI is a lightweight command line security scanner that operates on lockfiles during software development. It focuses on JavaScript and Typescript files and is an OSV-powered dependency scanner supporting npm, pnpm and Yarn. It is an open ..

Leggi tutto

Google this week promoted Chrome 149 to the stable channel with patches for 429 vulnerabilities, a record for a single Chrome refresh. Already exceeding several times the total number of Chrome security fixes released in 2025, the surge in Chrome flaws is likely driven by AI use, which led Google to lower Chrome bug bounties ..

Leggi tutto