Pierluigi Paganini
October 21, 2022
Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. GitHub’s threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons […]
Pierluigi Paganini
October 21, 2022
CISA added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […]
Pierluigi Paganini
October 21, 2022
Google launched the Graph for the Understanding Artifact Composition (GUAC) project, to secure the software supply chain. Google this week launched a new project named Graph for Understanding Artifact Composition (GUAC) which aims at securing the software supply chain. The IT giant is seeking contributors to the new project. “GUAC, or Graph for Understanding Artifact Composition, is in the […]
Pierluigi Paganini
October 20, 2022
Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar […]
Pierluigi Paganini
October 20, 2022
While the Russian army is conducting coordinated missile and drone strikes in Ukraine experts observed Internet disruptions in the country. Starting on the morning of Monday, October 10, the Russian army is targeting several cities in Ukraine with coordinated missile and drone strikes. The escalation is a retaliation for the bombing of a bridge connecting […]
Pierluigi Paganini
October 20, 2022
The Federal Police of Brazil arrested an individual who is suspected of being a member of the notorious LAPSUS$ extortionist group. The Federal Police of Brazil yesterday announced the arrest of an individual suspected of being linked to the LAPSUS$ extortionist gang. The authorities did not disclose info about the individual, it seems that the […]
Pierluigi Paganini
October 20, 2022
Nearly two million .git folders containing vital project information are exposed to the public, the Cybernews research team found. Original Post at https://cybernews.com/security/millions-git-folders-exposed/ Git is the most popular open-source, distributed version control system (VCS) developed nearly 20 years ago by Linus Torvalds for development of the Linux kernel, with other kernel developers contributing to its initial […]
Pierluigi Paganini
October 19, 2022
Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […]
Pierluigi Paganini
October 19, 2022
Cybersecurity researchers published technical details about a now-patched FabriXss flaw that impacts Azure Fabric Explorer. Orca Security researchers have released technical details about a now-patched FabriXss vulnerability, tracked as CVE-2022-35829 (CVSS 6.2), that impacts Azure Fabric Explorer. An attacker can exploit the vulnerability to gain administrator privileges on the cluster. In order to exploit this flaw, an […]
Pierluigi Paganini
October 19, 2022
A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft in Office 365 that can allow to access message contents due. The experts pointed out that Microsoft Office […]
Security / September 23, 2025
