Flux RSS

— Sources secondaires

7articles RSS

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Vulnérabilités & PatchesThe Hacker Newsil y a 14 heures

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi

TP-Link Patches High-Severity Router Vulnerabilities

Vulnérabilités & PatchesSecurityWeekil y a 16 heures

The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek.

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized

Vulnérabilités & PatchesSecurityWeekil y a 18 heures

Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek.

BIND Updates Patch High-Severity Vulnerabilities

Vulnérabilités & PatchesSecurityWeekavant-hier

Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

iOS, macOS 26.4 Roll Out With Fresh Security Patches

Vulnérabilités & PatchesSecurityWeekil y a 3 jours

Apple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. The post iOS, macOS 26.4 Roll Out With Fresh Security Patches appeared first on SecurityWeek.

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

Vulnérabilités & PatchesThe Hacker Newsil y a 5 jours

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Vulnérabilités & PatchesThe Hacker Newsil y a 7 jours

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions

Page 1 / 1

Precedent Suivant