USN-5743-2: LibTIFF vulnerability
USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10....
WhatsApp Files on Dark Web Show Millions of Records For Sale
The list went on sale for four days and is now being distributed for free among dark web users Read More
Sirius XM Software Vulnerability
This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously...
USN-5754-1: Linux kernel vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote...
krb5-1.20.1-1.fc38
FEDORA-2022-8050ab2c35 Packages in this update: krb5-1.20.1-1.fc38 Update description: Automatic update for krb5-1.20.1-1.fc38. Changelog * Wed Nov 23 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1 - New...
Researchers found security pitfalls in IBM’s cloud infrastructure
Security researchers recently probed IBM Cloud’s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database...
mujs-1.3.2-1.fc38
FEDORA-2022-142872d895 Packages in this update: mujs-1.3.2-1.fc38 Update description: Automatic update for mujs-1.3.2-1.fc38. Changelog * Thu Dec 1 2022 Alain Vigne <avigne@fedoraproject.org> 1.3.2-1 - upstream release...
Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions
The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration...
Unwrapping Some of the Holiday Season’s Biggest Scams
Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel,...
CVE-2022-1471
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code...