The most severe of the addressed flaws is a critical bug in GitLab CE/EE versions newer than 15.8, 17.0, and 17.1, tracked as CVE-2024-5655, which could be leveraged to facilitate automated execution of a pipeline when a merge request is automatically re-targeted.
Vulnerable SolarWinds Serv-U devices impacted by the high-severity path traversal flaw, tracked as CVE-2024-28995, have been subjected to ongoing attacks using publicly available proof-of-concept exploits, according to BleepingComputer.
The RansomHub ransomware-as-a-service operation has deployed a new Linux encryptor in attacks against VMware ESXi environments, reports BleepingComputer.