August 28, 2024 at 06:05AM Open source large language model (LLM) servers and vector databases are unknowingly leaking sensitive data online. Legit security researcher Naphtali Deutsch discovered numerous vulnerable open source AI services, including unpatched Flowise servers and unprotected vector databases. The exposed data poses serious security risks, requiring organizations to implement strict access controls … Read more
July 2, 2024 at 09:22AM Critical vulnerabilities in the CocoaPods dependency manager allowed threat actors to take over orphaned packages, execute shell commands, and impact millions of iOS and macOS applications. Orphaned pods were associated with a default owner, and an authentication server bug enabled remote code execution. The vulnerabilities were addressed by CocoaPods in … Read more
May 8, 2024 at 12:44PM A use-after-free flaw in the open-source Tinyproxy (versions 1.11.1 and 1.10.0) allows attackers to trigger memory corruption, potentially leading to denial-of-service (DoS) and remote code execution (RCE) via a specially crafted HTTP Connection header. The flaw is rated 9.8 out of 10 in severity. While no known exploitation exists, more … Read more
May 7, 2024 at 10:51AM A critical vulnerability in XZ Utils raised comparisons to the SolarWinds hack and highlighted the power of the open source community in averting a disaster. However, it also raised questions about security and trust within the ecosystem. The incident suggests the need for stricter security measures and consideration of internal … Read more