#OpenSourceVulnerabilities

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

by

July 18, 2024 at 06:27AM Unknown threat actors are suspected of conducting a cyber espionage campaign using open-source tools to target government and private sector organizations across at least ten countries. The group has been observed exploiting known security flaws to gain initial access and deploying various open-source remote access capabilities and exploits. The attacks … Read more

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

by

April 16, 2024 at 11:24AM Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation, resembling a recent incident aimed at the open-source XZ Utils project. The incident involved suspicious emails urging updates to JavaScript projects and calls to designate new maintainers. This highlights the risks of supply chain attacks and the need … Read more