
The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites. The Polyfill service claims that it has been "Maliciously defamed" and been subject to "Media messages slandering Polyfill."

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution via prompt injection...

Did you know it’s now possible to build blockchain applications, also known as decentralized applications (or “dApps” for short), in native Python? Blockchain development has traditionally required...

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow has been patched; a PoC exploit is already available online. Fortra FileCatalyst is an enterprise software solution for accelerated, UDP-based file transfer of large files.

Further, to keep the internet safe, Cloudflare is automatically replacing polyfill.io links with a safe mirror on websites that use Cloudflare protection. Cloudflare has criticized Polyfill.io's unauthorized usage of its name and logo as it could mislead users into believing that the illicit website is endorsed by Cloudflare.

A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown...

A federal grand jury in Maryland returned an indictment charging a Russian citizen with conspiracy to hack into and destroy computer systems and data. According to court documents, in Jan. 2022, members of the Main Intelligence Directorate of the General Staff of the Russian Federation conspired to use a U.S.-based company's services to distribute malware known in the cybersecurity community as WhisperGate to dozens of Ukrainian government entities' computer systems and destroy those systems and related data in advance of the Russian invasion of Ukraine.

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the...

Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million Docker downloads, 16,200 GitHub stars, 7 million GitHub downloads, thousands of weekly clones, and over 700,000 Homebrew installs, Gitleaks is one of the most trusted secret scanners among security professionals, enterprises, and developers.

Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. A joint report from SentinelLabs and Recorded Future analysts presents the case of ChamelGang, a suspected Chinese advanced persistent threat that has been using the CatB ransomware strain in attacks that impact high-profile organizations worldwide.