Online developer community Stack Overflow has been leveraged to facilitate the distribution of a malicious Python Package Index package containing cryptocurrency-stealing malware, reports The Hacker News.
San Francisco-based c/side has emerged from stealth mode with $1.7 million in funding to develop cybersecurity solutions targeting vulnerabilities in third-party scripts used within web browsers, reports Tech Funding News.
The Open Source Security Foundation has unveiled the new Siren threat intelligence sharing list that seeks to facilitate real-time information sharing regarding security flaws impacting open source projects, reports The Register.
Ongoing intrusions targeting GitLab instances impacted by the maximum severity account takeover vulnerability, tracked as CVE-2023-7028, have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the security issue by May 22, reports BleepingComputer.
SecurityWeek reports that Judge0, an open-source online service used for arbitrary code execution within a sandbox, has been impacted by three critical vulnerabilities, which could be leveraged to facilitate sandbox escapes, privilege escalation, and system takeovers.
More than three million of 4.79 imageless repositories uploaded to Docker Hub over the past five years have been leveraged to target the container registry's users in three separate malicious campaigns, reports The Hacker News.