CVE-2021-22922

A flaw was found in curl in the way curl handles a file hash mismatch after downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to trick users into downloading malicious content. The highest threat from this vulnerability is to integrity...

Microsoft Provides Guidance on Mitigating DDE Attacks

Despite a rash of attacks leveraging Dynamic Data Exchange fields in Office, including some spreading destructive ransomware, Microsoft has remained insistent that DDE is a product feature and won’t address it as a vulnerability. Microsoft on Wednesday did, however, put some guidance in admins’...