360XSS - Hackers are exploiting a reflected XSS vulnerability in the "Krpano" VR library across hundreds of websites for SEO poisoning.

SpearTip Security Operations Center, together with the SaaS Alerts team, identified an emerging threat involving the fastHTTP library

Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean

A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command.

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment.

Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the GNU C Library, it’s crucial to understand these findings’ broader impact and importance. The GNU C Library, or glibc, is an essential component of virtually every Linux-based system, serving as the core interface between applications and the Linux kernel. The recent discovery of these vulnerabilities is not just a technical concern but a matter of widespread security implications.

The library has been incapacitated since October, and the effects have spread beyond researchers and book lovers.

Ledger's software got hit with a serious security problem. banteg, a well-known crypto guy, tweeted that Ledger's library is messed up and now has a "drainer" in it.