Memory corruption

Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

[SECURITY] Fedora 38 Update: python3.8-3.8.16-4.fc38

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 38 Update: python3.6-3.6.15-18.fc38

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 37 Update: python-requests-2.28.1-3.fc37

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python=EF=BF=BD=EF=BF=BD=EF=BF=BDs built-in urllib2 module provid es most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy fo...

MAL-2023-8569 Malicious code in pyclack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a5bbfd7bb3c6e08fcaab006836d25519f6f790a3e647e64dd210e0b6f464d490 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

Malicious code in pyclack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a5bbfd7bb3c6e08fcaab006836d25519f6f790a3e647e64dd210e0b6f464d490 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

MAL-2023-603 Malicious code in mintel-tokens (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 13b8e3e53b1d2298f3798c2348d1caa9ccbbf59e520e7f67897fe51f6d9591ba Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

[SECURITY] Fedora 38 Update: python-requests-2.28.2-2.fc38

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python=EF=BF=BD=EF=BF=BD=EF=BF=BDs built-in urllib2 module provid es most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy fo...

What’s New for Developers: May 2023

...

Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security

At Microsoft Build 2023—an event for developers by developers—we’re going to announce exciting new features and technologies, share ideas, and help everyone boost their skills so we can all build a more secure future together. This year’s Microsoft Build offers a full program, both online and...

Malicious code in pywolle (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 022272b8427ab42c0c793e5ec56175de59c7f142f82db252e890e9782845d762 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

MAL-2023-8590 Malicious code in pywolle (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 022272b8427ab42c0c793e5ec56175de59c7f142f82db252e890e9782845d762 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

[SECURITY] Fedora 37 Update: rust-below-0.6.3-4.fc37

below is an interactive tool to view and record historical system data. It has support for: - information regarding hardware resource utilization - viewing the cgroup hierarchy - cgroup and process information - pressure stall information PSI - record mode to record system data - replay mode to...

MAL-2023-8589 Malicious code in pywhool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 54738d1aef580f087fec1311b411aa6ddd2d7affb4b44353dd7f3d6a569a0ed9 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report: Multiple XSS vulnerabilities...

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems

A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. That's according to findings from SentinelOne, which observed an increase in the number of Geacon payloads appearing on VirusTotal in recent months...

MAL-2023-451 Malicious code in flying_pusher (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9091b084b192777c6cbacc1b67d67b879e2cdceda2b68082e975394f648cac68 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

MAL-2023-8591 Malicious code in pywool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1ba602a97accda8e614fcf38d1af1cb7f1878bf2bd450b21f1be16a4c260123a Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

MAL-2023-167 Malicious code in cfa-styleguide (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5562a6cb1d5f239216be52c28e8d316e8ffe0f490d11978863202a6fcfcbe8bc Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

MAL-2023-575 Malicious code in maddy_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx edb288f616afccdf20ab32d24f5f0616b0b2b91bcdb3d8f0d8bd60e1adbe6b0a Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...