What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-11-30 19:14:00 Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection (lien direct) New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for Malware Vulnerability ★★★
The_Hackers_News.webp 2022-11-29 22:09:00 New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection (lien direct) Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as Vulnerability ★★★
The_Hackers_News.webp 2022-11-29 09:50:00 CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Vulnerability ★★★
The_Hackers_News.webp 2022-11-28 17:26:00 Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services (lien direct) Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported Vulnerability ★★★
The_Hackers_News.webp 2022-11-25 18:42:00 (Déjà vu) Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw (lien direct) Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be Vulnerability Threat
The_Hackers_News.webp 2022-11-19 10:00:00 Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products (lien direct) Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, Vulnerability ★★★
The_Hackers_News.webp 2022-11-17 11:52:00 Iranian Hackers Compromised a U.S. Federal Agency's Network Using Log4Shell Exploit (lien direct) Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022 Vulnerability Threat
The_Hackers_News.webp 2022-11-15 22:31:00 Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform (lien direct) Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), that came to light last Vulnerability
The_Hackers_News.webp 2022-11-15 22:03:00 PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft (lien direct) A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of academics and researchers from the University of Michigan, the University of Pennsylvania, and the NASA Vulnerability
The_Hackers_News.webp 2022-11-10 13:19:00 High-Severity Flaw Reported in Critical System Used in Oil and Gas Companies (lien direct) Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root Vulnerability ★★★
The_Hackers_News.webp 2022-11-09 11:34:00 VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software (lien direct) VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an Vulnerability
The_Hackers_News.webp 2022-11-05 11:30:00 Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities (lien direct) Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that Vulnerability
The_Hackers_News.webp 2022-11-01 21:24:00 Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB (lien direct) Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss. "In short, if an attacker had Vulnerability
The_Hackers_News.webp 2022-11-01 16:58:00 Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution (lien direct) IT service management software platform ConnectWise has released software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue, characterized as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to result in the execution of remote code or disclosure of sensitive information. ConnectWise's Vulnerability
The_Hackers_News.webp 2022-10-31 17:30:00 Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability (lien direct) An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a Ransomware Vulnerability
The_Hackers_News.webp 2022-10-28 20:00:00 High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices (lien direct) Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability Vulnerability
The_Hackers_News.webp 2022-10-26 09:54:00 VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform (lien direct) VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in Vulnerability
The_Hackers_News.webp 2022-10-25 19:47:00 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (lien direct) A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21 Vulnerability
The_Hackers_News.webp 2022-10-25 09:05:00 Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability (lien direct) Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of Vulnerability
The_Hackers_News.webp 2022-10-22 11:12:00 Critical Flaw Reported in Move Virtual Machine Powering the Aptos Blockchain Network (lien direct) Researchers have disclosed details about a now-patched critical flaw in the Move virtual machine that powers the Aptos blockchain network. The vulnerability "can cause Aptos nodes to crash and cause denial of service," Singapore-based Numen Cyber Labs said in a technical write-up published earlier this month. Aptos is a new entrant to the blockchain space, which launched its mainnet on October Vulnerability
The_Hackers_News.webp 2022-10-21 20:26:00 Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware (lien direct) A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin said Ransomware Vulnerability
The_Hackers_News.webp 2022-10-21 16:33:00 Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability (lien direct) WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to Vulnerability
The_Hackers_News.webp 2022-10-18 10:59:00 Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software (lien direct) HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used for adversary simulation, but cracked versions of the software have been actively abused by ransomware Vulnerability ★★★
The_Hackers_News.webp 2022-10-17 16:03:00 Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages (lien direct) New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation," Finnish cybersecurity company WithSecure said in a report published last week. Office 365 Vulnerability
The_Hackers_News.webp 2022-10-17 15:20:00 Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite (lien direct) Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract Vulnerability
The_Hackers_News.webp 2022-10-14 23:04:00 Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month (lien direct) Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. " Vulnerability ★★★
The_Hackers_News.webp 2022-10-12 16:11:00 Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys (lien direct) A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity Vulnerability
The_Hackers_News.webp 2022-10-11 11:51:00 Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug (lien direct) Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative Vulnerability
The_Hackers_News.webp 2022-10-08 13:20:00 Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (lien direct) A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected Vulnerability
The_Hackers_News.webp 2022-10-06 17:50:00 Details Released for Recently Patched new macOS Archive Utility Vulnerability (lien direct) Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and "could lead to the execution of an unsigned and unnotarized application Vulnerability Guideline
The_Hackers_News.webp 2022-10-04 20:39:00 Researchers Report Supply Chain Vulnerability in Packagist PHP Repository (lien direct) Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package manager Vulnerability
The_Hackers_News.webp 2022-10-04 13:35:00 ProxyNotShell – the New Proxy Hell? (lien direct) Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082, that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverages a chained attack similar to Vulnerability
The_Hackers_News.webp 2022-10-03 16:26:00 Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers (lien direct) The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter) Vulnerability Threat Medical APT 38
The_Hackers_News.webp 2022-10-01 12:05:00 CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary Vulnerability
The_Hackers_News.webp 2022-09-28 10:33:00 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (lien direct) WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and Hack Vulnerability Guideline
The_Hackers_News.webp 2022-09-24 10:33:00 Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability (lien direct) Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it Vulnerability
The_Hackers_News.webp 2022-09-23 15:51:00 CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency Vulnerability
The_Hackers_News.webp 2022-09-22 16:10:00 Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure (lien direct) Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as Vulnerability
The_Hackers_News.webp 2022-09-22 14:47:00 15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects (lien direct) As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming, Vulnerability
The_Hackers_News.webp 2022-09-22 11:47:00 Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners (lien direct) A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment Vulnerability
The_Hackers_News.webp 2022-09-16 16:28:00 Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (lien direct) Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as Vulnerability
The_Hackers_News.webp 2022-09-14 07:21:00 Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability (lien direct) A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence Vulnerability
The_Hackers_News.webp 2022-09-12 16:34:00 Why Vulnerability Scanning is Critical for SOC 2 (lien direct) SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical for all organisations, including those that outsource key business operation to third parties like Vulnerability
The_Hackers_News.webp 2022-09-09 13:49:00 Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts (lien direct) A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. BackupBuddy allows users to back up their entire WordPress installation from within the Vulnerability
The_Hackers_News.webp 2022-09-08 09:18:00 Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products (lien direct) Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service ( Vulnerability
The_Hackers_News.webp 2022-09-07 10:58:00 Critical RCE Vulnerability Affects Zyxel NAS Devices - Firmware Patch Released (lien direct) Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a Vulnerability
The_Hackers_News.webp 2022-09-03 09:26:00 Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability (lien direct) Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An Vulnerability
The_Hackers_News.webp 2022-09-01 12:43:00 Microsoft Discover Severe 'One-Click' Exploit for TikTok Android App (lien direct) Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft Vulnerability ★★★★★
The_Hackers_News.webp 2022-09-01 08:54:00 Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability (lien direct) Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech Vulnerability Guideline
The_Hackers_News.webp 2022-08-31 11:12:00 Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks (lien direct) Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer Vulnerability
Last update at: 2024-05-14 23:09:37