North Korean state-sponsored hacking operation Lazarus has been targeting VMware Horizon servers in malware attacks exploiting the Log4Shell remote code execution flaw, tracked as CVE-2021-44228, reports BleepingComputer.
Google has introduced the new Assured Open Source Software service, which offers access to Google developers' secure packages for enterprise open-source software users in an effort to strengthen software supply chain security, reports ZDNet.
BleepingComputer reports that malicious actors could exploit a critical vulnerability within the Jupiter Theme and JupiterX Core plugins for WordPress to facilitate privilege escalation.
Threat actors have launched a novel SQL server hacking campaign leveraging the built-in utility "sqlps.exe" to facilitate brute-force attacks and SuspSQLUsage malware deployment, The Hacker News reports.
Threat actors have been launching millions of attacks exploiting a remote code execution flaw in the Tatsu Builder plugin for WordPress, with up to half of the nearly 100,000 websites leveraging the plugin still at risk of attacks, according to BleepingComputer.
The Cybersecurity and Infrastructure Security Agency has temporarily omitted the Windows Local Security Authority Spoofing flaw, tracked as CVE-2022-26925, from its Known Exploited Vulnerabilities Catalog following a problematic fix issued by Microsoft, reports ZDNet.