developers

How old vulnerabilities are used to install a new web shell. Akamai report an increase in cyber attacks on vulnerable instances of the Chinese PHP framework ThinkPHP in order to install the Dama web shell. Dama allows hackers to continue exploiting compromised systems, turning them into part...

CISA and the FBI are calling for urgent measures to protect the code. CISA and the FBI called on software developers to more actively identify and eliminate path traversal vulnerabilities before releasing products to the market. Such flaws allow an attacker to create or overwrite critical...

Vulnerabilities in popular smartphone keyboards allow you to see what the user is typing. Citizen Lab identified vulnerabilities in popular keyboard applications that can be used to register keystrokes of Chinese users around the world. Security issues are present in almost all apps, including...

Will the flaw that allows viruses to be inserted into the code unnoticed be fixed? BleepingComputer identified a problem in the GitLab platform that allows attackers to distribute malware using comments in repositories. This feature can be used to create traps that look like legitimate files...

Clever methods of disguise allow cyber villains to complete their plans, bypassing information security radars. Cybersecurity specialists from the company Fortinet identified a new malicious package in the registry for PyPI developers, aimed at stealing Discord user data. A package called...

The new backdoor BianDoor finds an individual approach for each victim. The information security company GuidePoint Security has discovered that the BianLian group exploits vulnerabilities in the JetBrains TeamCity software to conduct ransomware attacks. Experts recorded a chain of attacks...

Joomla is playing catch - up with hackers, urgently fixing vulnerabilities. Five vulnerabilities were discovered in the Joomla content management system that can be used to execute arbitrary code on vulnerable sites. Developers have already fixed these security issues affecting several versions...

The epidemic of malicious packages calls into question the security of the supply chain. As part of a recent study by security specialists from ReversingLabs, two malicious packages were found in the Python Package Index (PyPI) repository that used the DLL Sideloading technique to bypass...

Researchers have identified the connection of a dangerous malware with ransomware from ALPHV / BlackCat. A new type of malware for macOS, distributed under the guise of an update for Microsoft Visual Studio, has been discovered online. This backdoor macro, written in the Rust programming...

The sent Cossack is aimed at Linux systems. How soon will the victims of the attack notice something is wrong? Three malicious packages capable of deploying a cryptocurrency miner on infected Linux devices were recently discovered in the open repository for PyPI developers. Packages named...

Russian iOS apps get new payment options. In response to a fine from the Federal Antimonopoly Service, Apple allowed Russian developers of iOS and iPadOS apps to use third-party payment systems to sell their digital goods and services. The company also lowered its commission from 30% to 27% for...