A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.
Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.
The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
Phylum Expands Its Software Supply Chain Security Capabilities, Introduces Automated Vulnerability Reachability
Know what you need to fix today and what you don’t.
As consumers catch on to the dangers, protection could become a major topic for legislative bodies.
If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more.
The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.
Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.
Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate.
New protective measures work behind the scenes, with little impact on the customer experience.