791 matches found

The Hacker News
added 2024/05/21 10:22 a.m., 35 views

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If...

CVSS 9.6, AI score 8.9, EPSS 0.72648
Exploits 16
The Hacker News
added 2024/04/10 12:38 p.m., 29 views

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within...

AI score 7.6
Exploits 0
The Hacker News
added 2023/11/17 9:56 a.m., 57 views

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 package...

AI score 7.6
Exploits 0
HackRead
added 2023/10/17 4:32 p.m., 14 views

Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users

By Deeba Ahmed. Cybersecurity firm Checkmarx has discovered a new wave of supply chain attacks exploiting bugs in popular… (This is a post from HackRead.com; read the original post: Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users.)

AI score 7
Exploits 0
The Hacker News
added 2023/09/12 11:32 a.m., 42 views

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researche...

AI score 7
Exploits 0
The Hacker News
added 2023/08/30 11:27 a.m., 36 views

Malicious npm Packages Aim to Target Developers for Source Code Theft

An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories. "The threat actor behind this campaign has been linked to malicious...

AI score 7.1
Exploits 0
OSSF Malicious Packages
added 2023/07/31 12:00 a.m., 4 views

Malicious code in developer_backup_test521 (npm)

Source: checkmarx (166bebecf34acabc1fdf3c66906bda21b7b7e7043f76cf728dd8637270162021). Malicious packages campaign since 2021 targeting developers; steals source code and secrets...

AI score 7.2
Exploits 0, References 3
OSSF Malicious Packages
added 2023/07/31 12:00 a.m., 4 views

Malicious code in developer_backup_test523 (npm)

Source: checkmarx (a102fc358a2f397cc33b778fdc8edcca752c4a93e273f3e728d9e936ef75cbff). Malicious packages campaign since 2021 targeting developers; steals source code and secrets...

AI score 7.2
Exploits 0, References 3
Tenable Nessus
added 2023/07/31 12:00 a.m., 34 views

Jenkins plugins Multiple Vulnerabilities (2022-12-07)

According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-46682) - Jenki...

CVSS 9.8, AI score 6, EPSS 0.00947
Exploits 0, References 8
OSV
added 2023/07/31 12:00 a.m., 10 views

MAL-2023-8008 Malicious code in @rocketrefer/components (npm)

Source: checkmarx (0c06dd93e949e2750017a45685b6d200640e259c416cb4cbc995550ea3e04ab0). Malicious packages campaign since 2021 targeting developers; steals source code and secrets...

AI score 7.4
Exploits 0, References 1
OSSF Malicious Packages
added 2023/07/27 12:00 a.m., 5 views

Malicious code in kiwi_vicious (npm)

Source: checkmarx (24d3a7f0211bfcde4618961d390577b0a47d7aab36c363af84243b2427fc1c51). Malicious packages campaign since 2021 targeting developers; steals source code and secrets...

AI score 7.2
Exploits 0, References 2
OSSF Malicious Packages
added 2023/07/26 12:00 a.m., 4 views

Malicious code in cnp_al_corp_front (npm)

Source: checkmarx (ca87bb9f11572bb7178a087d94273972886a104b0d9f9b25ea8799b418f8c85c). Malicious packages campaign since 2021 targeting developers; steals source code and secrets...

AI score 7.2
Exploits 0, References 2
BDU FSTEC
added 2023/07/20 12:00 a.m., 7 views

A vulnerability in the Checkmarx plugin for the Jenkins automation server allows an attacker to carry out a "man-in-the-middle" attack.

The vulnerability in the Checkmarx plugin for the Jenkins automation server is caused by errors in the verification of SSL/TLS certificates. Exploiting this vulnerability allows a remote attacker to carry out a "man-in-the-middle" attack...

CVSS 8.1, AI score 7.6, EPSS 0.00775
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2023/07/04 5:48 a.m., 18 views

CVE-2023-35142

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...

CVSS 8.1, AI score 6.9, EPSS 0.00775
Exploits 0, References 3
OSV
added 2023/06/21 12:00 a.m., 9 views

MAL-2023-107 Malicious code in assets-graph (npm)

Source: checkmarx (e513e7556846ca62fa4d27646eef928d55f2c2954ce9caa51dd63643e2adf445). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

AI score 7
Exploits 0, References 2
The Hacker News
added 2023/06/19 11:51 a.m., 5 views

Introducing AI-guided Remediation for IaC Security / KICS

While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...

AI score 6.9
Exploits 0
Tenable Nessus
added 2023/06/16 12:00 a.m., 48 views

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...

CVSS 8.1, AI score 6.2, EPSS 0.0083
Exploits 0, References 11
Github Security Blog
added 2023/06/14 3:30 p.m., 28 views

SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...

CVSS 8.1, AI score 6.7, EPSS 0.00775
Exploits 0, References 4, Affected Software 1
OSV
added 2023/06/14 3:30 p.m., 19 views

GHSA-RR3P-5FCF-V5M3 SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...

CVSS 8.1, AI score 8, EPSS 0.00775
Exploits 0, References 3
OSV
added 2023/06/14 1:15 p.m., 4 views

CVE-2023-35142

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...

CVSS 8.1, AI score 5.8, EPSS 0.00775
Exploits 0, References 2