exploit Archives - Developer Tech News

CISA sounds alarm on critical GitLab flaw under active exploit

Ryan Daws — Thu, 02 May 2024 13:51:18 +0000

The US Cybersecurity and Infrastructure Security Agency (CISA) has labelled a critical vulnerability affecting the popular Git-based repository manager GitLab as a Known Exploited Vulnerability (KEV). The move comes in response to active exploitation attempts detected in the wild, underscoring the urgency for organisations to promptly apply security updates. Tracked as CVE-2023-7028, the severe flaw... Read more »

The post CISA sounds alarm on critical GitLab flaw under active exploit appeared first on Developer Tech News.

80% of Spring framework downloads are exploitable versions

Ryan Daws — Tue, 05 Apr 2022 11:55:01 +0000

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions. Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE... Read more »

The post 80% of Spring framework downloads are exploitable versions appeared first on Developer Tech News.

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

Ryan Daws — Thu, 31 Mar 2022 07:53:20 +0000

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j. Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software. However, attention is now shifting to the Spring4Shell... Read more »

The post Spring4Shell vulnerability could have ‘a larger impact’ than Log4j appeared first on Developer Tech News.