
1529 matches found

CNNVD
added 2025/03/02 12:0 a.m., 1 view

zz security vulnerability

zz is an e-commerce platform for zj1983 individual developers. A security vulnerability exists in zz 2024-8 and prior versions, which stems from cross-site scripting and could lead to remote code execution...

CVSS 4.8, AI score 4.8, EPSS 0.00089
Exploits: 1, References: 2
Fedora
added 2025/02/23 2:3 a.m., 12 views

[SECURITY] Fedora 40 Update: python3.8-3.8.20-2.fc40

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

CVSS 6.3, AI score 4.7, EPSS 0.01639
Exploits: 0
CNNVD
added 2025/02/21 12:0 a.m., 3 views

Loggrove security vulnerability

Loggrove is a web platform service by olajowon individual developers. A security vulnerability exists in Loggrove v.1.0, which originates from the execution of arbitrary code via the path parameter...

CVSS 9.8, AI score 7.4, EPSS 0.00998
Exploits: 1, References: 4
The Hacker News
added 2025/02/20 1:37 p.m., 14 views

North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware

Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with...

AI score 7.4
Exploits: 0
Fedora
added 2025/02/20 2:28 a.m., 11 views

[SECURITY] Fedora 41 Update: python3.9-3.9.21-4.fc41

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

CVSS 6.3, AI score 6.6, EPSS 0.01639
Exploits: 0
HackRead
added 2025/02/18 2:45 p.m., 10 views

New XCSSET Malware Variant Targeting macOS Notes App and Wallets

Microsoft warns Apple developers about a new XCSSET malware variant targeting macOS, posing security risks through stealthy infections…...

AI score 7
Exploits: 0
CNNVD
added 2025/02/17 12:0 a.m., 1 view

Elfutils security vulnerability

Elfutils is a collection of utilities and libraries for reading, creating, and modifying ELF binaries from the individual developers at Cuviper. A security vulnerability exists in Elfutils version 0.192. An attacker exploiting this vulnerability could cause a denial of service locally...

CVSS 4.7, AI score 4.9, EPSS 0.0001
Exploits: 1, References: 8
The Hacker News
added 2025/02/14 6:28 p.m., 18 views

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by...

AI score 7.2
Exploits: 0
Fedora
added 2025/02/08 2:18 a.m., 10 views

[SECURITY] Fedora 41 Update: python-cryptography-43.0.0-4.fc41

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

AI score 7.3
Exploits: 0
CNNVD
added 2025/02/07 12:0 a.m., 2 views

FileVista security vulnerability

FileVista is a web file manager from GleamTech Individual Developers. A security vulnerability exists in FileVista version 9.2.0.0 that originates from directory traversal during file uploads and allows remote attackers to execute code, disclose information, and elevate privileges...

CVSS 6.3, AI score 6.6, EPSS 0.00106
Exploits: 3, References: 2
Spring Engineering
added 2025/02/06 12:0 a.m., 7 views

A Bootiful Podcast: 'Just Use Postgres!' author Denis Magda

Hi, Spring fans! In this installment we talk to Java and distributed database ninja Denis Magda about his new book, "Just Use Postgres!", which looks at how to wield Postgres for a variety of use cases that an application developer should know...

AI score 7.2
Exploits: 0
RedhatCVE
added 2025/02/05 10:42 a.m., 20 views

CVE-2024-21643

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...

CVSS 8.8, AI score 6.7, EPSS 0.0063
Exploits: 0, References: 1
The Hacker News
added 2025/02/03 12:30 p.m., 13 views

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any...

AI score 7.5
Exploits: 0
NVD
added 2025/01/17 9:15 p.m., 4 views

CVE-2025-23202

Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The FetchVerse and FetchPassage functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to...

CVSS 10, EPSS 0.00379
Exploits: 0, References: 2
CVE
added 2025/01/17 8:18 p.m., 1195 views

CVE-2025-23202

The CVE-2025-23202 entry concerns the Bible Module for ROBLOX. The vulnerable components are the FetchVerse and FetchPassage functions, which lack input validation, enabling injection attacks that could manipulate API request URLs and potentially lead to unauthorized access or data tampering. The...

CVSS 10, AI score 7.2, EPSS 0.00379
Exploits: 0, References: 2
The Hacker News
added 2025/01/15 3:37 p.m., 4 views

Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99

The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring...

AI score 7.4
Exploits: 0
Packet Storm News
added 2025/01/14 12:0 a.m., 2 views

CISA: AI Cybersecurity Collaboration Playbook

The AI Cybersecurity Collaboration Playbook provides guidance to organizations across the AI community – including AI providers, developers, and adopters – for sharing AI-related cybersecurity information voluntarily with the Cybersecurity and Infrastructure Security Agency (CISA) and other partner...

AI score 6.7
Exploits: 0
Cvelist
added 2025/01/11 2:31 p.m., 10 views

CVE-2025-23128

...

Exploits: 0
The Hacker News
added 2025/01/06 9:28 a.m., 7 views

Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these...

AI score 7.4
Exploits: 0
Positive Technologies
added 2025/01/01 12:0 a.m., 2 views

PT-2025-20833

Name of the Vulnerable Software and Affected Versions: GNUScreen version 5.0.1 and earlier. Description: The issue affects Linux administrators, cloud engineers, and developers. It is related to a root privilege escalation flaw. Recommendations: For versions prior to 5.0.1, update to version 5.0.1...

CVSS 6.5, AI score 6.3, EPSS 0.00074
Exploits: 3, References: 32