Supply chain attacks possible with TensorFlow CI/CD misconfigurations

TensorFlow instances on GitHub and PyPI could have been subjected to supply chain attacks involving the exploitation of continuous integration and continuous delivery vulnerabilities within the open-source machine learning framework, reports The Hacker News.
BleepingComputer reports that more than 6,700 WordPress sites using Popup Builder plugin versions vulnerable to the cross-site scripting bug tracked as CVE-2023-6000 have been compromised in a new Balada Injector campaign that commenced last month.
More than 15,000 Go module repositories on GitHub accounting for at least 800,000 Go module variants could be compromised in repojacking attacks, The Hacker News reports.
Numerous Web3 smart contracts, including DropERC20, AirDrop20, ERC721, and ERC1155, were discovered by Thirdweb to be exposed to a vulnerability in a widely used open-source nonfungible token library, reports SiliconAngle.