InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Security Boulevard

Microsoft Expands its Bug Bounty Program to Include Third-Party Code

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover ...

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...

Restaurant Workers Charged After Allegedly Using ChatGPT to Fake a Robbery Report

Todd Durst, 45, was charged with swatting, obstructing official business and inducing panic; Luis Acevedo Jr., 40, fled the ...
WeLiveSecurity

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage ...

New Chinese group LongNosedGoblin deploys cyberespionage tools in Southeast Asia and Japan, ESET Research discovers

LongNosedGoblin is a newly discovered China-aligned Advanced Persistent Threat (APT) group targeting governmental entities in Southeast Asia and ...

Only two species can survive in Great Salt Lake? Scientist says — hold my Nalgene

Scientist Julie Jung set out on a hike along the Great Salt Lake to find nematodes. She ended up discovering a new species.