Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs.”

Libraries 359

Libraries Encryption Privacy IT 359

Security Affairs

DECEMBER 1, 2021

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. ” wrote Ormandy.

Libraries 350

Libraries Security CMS Communications 350

Security Affairs

NOVEMBER 3, 2020

The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The tainted JavaScript library was spotted by the researcher Ax Sharma from security firm Sonatype. SecurityAffairs – hacking, npm library). tcp.ngrok[.]io:11425

Libraries 316

Libraries Security IT Information Security 316

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries 332

Libraries IT Security Information Security 332

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 364

Libraries IT Cloud Data breaches 364

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries 313

Libraries Security IT Access 313

Data Breach Today

OCTOBER 22, 2021

Sonatype: Cryptominers Launched in Windows, macOS, Linux Devices Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.

Libraries 299

Libraries 299

Data Breach Today

MARCH 18, 2024

The Python Library Flaw Allows Directory Traversal Attacks Hackers who are possibly members of a criminal group affiliated with numerous ransomware-as-a-service operations are exploiting a directory traversal vulnerability in a Python library that allows unauthenticated remote attackers access to sensitive information from server files.

Libraries 289

Libraries Ransomware Access 289

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Libraries 327

Libraries Passwords Access Security 327

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Libraries 250

Libraries Cybersecurity Security IT 250

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Libraries 246

Libraries Data collection Education Security 246

Data Breach Today

JULY 24, 2024

Open-Source Company Issues Patches After Being Alerted by Palo Alto A widely used generative artificial intelligence framework is vulnerable to a prompt injunction flaw that could enable sensitive data to leak. Security researchers at Palo Alto Networks uncovered two arbitrary code flaws in open-source library LangChain.

Artificial Intelligence 304

Artificial Intelligence Libraries Security 304

Security Affairs

JANUARY 15, 2025

An attackers with root access can to add a custom file system bundle to /Library/Filesystems. Since an attacker that can run as root can drop a new file system bundle to/Library/Filesystems, they can later triggerstoragekitdto spawn custom binaries, hence bypassing SIP.” ” concludes Microsoft.

Libraries 280

Libraries Access Privacy IT 280

Data Breach Today

JANUARY 18, 2024

Also: FBI Warning About Androxgh0st; eBay Pays a $3 Million Fine for Cyberstalking This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million (..)

Libraries 308

Libraries Phishing Ransomware 308

Data Breach Today

JUNE 17, 2022

Contrast Security CPO Steve Wilson on Why Log4j Hack Is a Sign of Things to Come The discovery and subsequent exploitation of a critical zero-day vulnerability in Apache's Log4j open-source library has highlighted the importance of code security in today's threat landscape, according to Contrast Security Chief Product Officer Steve Wilson.

Libraries 239

Libraries Security 239

Security Affairs

SEPTEMBER 2, 2021

The now-fixed CVE-2020-1910 vulnerability in WhatApp ‘s image filter feature could have exposed user data to remote attackers. The experts started to fuzz the interesting WhatsApp libraries and discovered that the flaw resides in the “applyFilterIntoBuffer()” function that handles image filters. Pierluigi Paganini.

Libraries 354

Libraries Security Access Cybersecurity 354

Security Affairs

JULY 25, 2021

In order to target Telegram, the malware creates the archive “telegram.applescript” for the “keepcoder.Telegram” folder which is located in the Group Containers folder (“~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram”). Once obtained the Safe Storage Key, the malware can decrypt the data and send it to the C2 server.

Libraries 286

Libraries Passwords Archiving Access 286

Security Affairs

MARCH 13, 2025

“GitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level.” This library is, however, used in other popular projects and products.” addressed the issue.

Authentication 169

Authentication Libraries Data breaches Security 169

Security Affairs

APRIL 15, 2025

In early April, experts warned of another critical vulnerability impacting Apache Parquets Java Library. Apache Parquets Java Library is a software library for reading and writing Parquet files in the Java programming language. The vulnerability CVE-2025-30065 is a Deserialization of Untrusted Data issue. Versions 1.15.0

Passwords 127

Passwords Access Libraries Big data 127

Security Affairs

MARCH 26, 2023

On Friday, OpenAI revealed that the recent exposure of users’ personal information and chat titles in its chatbot service was caused by a bug in the Redis open-source library. we had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating.

Libraries 246

Libraries IT Security Data breaches 246

Security Affairs

APRIL 8, 2021

Days after a massive Facebook data leak made the headlines, 500 million LinkedIn users are being sold online, seller leaked 2 million records as proof. To see if your email address has been exposed in this data leak or other security breaches, use our personal data leak checker with a library of 15+ billion breached records.

Passwords 361

Passwords Phishing Personal data Libraries 361

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Archiving 361

Archiving Passwords Data collection Sales 361

Security Affairs

SEPTEMBER 3, 2024

Vulnerabilities in Microsoft apps for macOS could allow attackers to steal permissions and access sensitive data. These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. However, they also rely on the risky com.apple.security.cs.disable-library-validation entitlement active.

Libraries 327

Libraries Risk Access Security 327

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. The files contain a user’s browsing history data.

Libraries 358

Libraries Access Security IT 358

Security Affairs

JANUARY 20, 2025

Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Crooks used names typosquatting popular libraries, such as @async-mutex/mutex , dexscreener , solana-transaction-toolkit and solana-stable-web-huks.

Libraries 254

Libraries Authentication IT Access 254

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries 363

Libraries Ransomware Access Security 363

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Libraries 338

Libraries e-Delivery Risk Passwords 338

Security Affairs

JULY 21, 2021

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. Who had access to the data? What was leaked?

Insurance 306

Insurance Passwords Libraries Access 306

Security Affairs

MARCH 18, 2021

file: /data/data/com.zhiliaoapp.musically/app_lib/df_rn_kit/df_rn_kit_a3e37c20900a22bc8836a51678e458f7/arm64-v8a/libjsc.so. Then he overwrote the native-libraries with a malicious library created to execute his code. The expert created a zip file and path traversed the filename to overwrite the libjsc.so

Libraries 350

Libraries Security Information Security IT 350

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. x versions.

Libraries 350

Libraries Authentication Access Risk 350

Security Affairs

JULY 7, 2022

“Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. The backdoor hooks the read and write functions to log data that is being written by the executed processes on the infected machine.

Libraries 342

Libraries Cybersecurity Authentication Access 342

Security Affairs

DECEMBER 18, 2021

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.

Libraries 364

Libraries Security Ransomware IT 364

Security Affairs

OCTOBER 18, 2020

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. The CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory. ” reads the advisory.

Libraries 342

Libraries Manufacturing Security IT 342