Security News > 2024 > April > New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
2024-04-29 10:50
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security
News URL
https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html
Related news
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Magento supply chain attack compromises hundreds of e-stores (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Supply chain attack hits npm package with 45,000 weekly downloads (source)
- RVTools hit in supply chain attack to deliver Bumblebee malware (source)
- DragonForce ransomware abuses SimpleHelp in MSP supply chain attack (source)
- Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks (source)