Featured
10/27/2022
Two cybersecurity champions to exit Congress
In January, Congress will lose two cybersecurity champions, with both Rep. Jim Langevin and Sen. Rob Portman retiring after the midterm elections.
.png){kind=logo}
12/02/2022
Pentagon moves to beef up cybersecurity
The Department of Defense will move to a so-called zero-trust cybersecurity model by 2027.
12/01/2022
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems.
12/01/2022
One Year After Log4Shell, Most Firms Are Still Exposed to Attack
Though there have been fewer than expected publicly reported attacks involving the vulnerability.
11/30/2022
Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework
Available since 2019, Quarkus is an open source Kubernetes-native Java framework designed for GraalVM and HotSpot virtual machines.
11/30/2022
Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE
Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks.
11/30/2022
New Financial Assistance Program For Open Source Developers Makes Its Way
The new program to provide financial assistance to open source developers has been announced by Contrast Security. Through the programme, more than $15,000 will be distributed to support activities.
11/30/2022
Zero-Day Flaw Discovered in Quarkus Java Framework
A high-severity zero-day vulnerability has been discovered in the Red Hat build of Quarkus.
11/29/2022
Contrast Security announces new program to financially support open source developers
Contrast Security has announced a new sponsorship program to support open source developers.
11/29/2022
Localhost attack against Quarkus developers | Contrast Security
While preparing a talk for the recent DeepSec Conference about attacking the developer environment through drive-by localhost, I reviewed some popular Java frameworks to see if they were vulnerable.
11/29/2022
OpZero’s modus operandi: opportunity hunter, front for Kremlin, or both?
OpZero, a Russian company, is a fairly new player in the market of zero-day exploits.
11/28/2022
Could “The New Twitter” Run Into Issues With GDPR One Stop Shop Rule? Irish DPC Source Indicates Staffing Situation May Be a Problem
Elon Musk’s takeover of Twitter has come with sweeping changes to the company’s structure.
11/23/2022
Hidden Russian Software in Thousands of Apps Sparks Fears of Online Activity Tracking, Prompts Ban by US Army
A piece of Russian software buried in thousands of apps has raised concerns in some government agencies.