Security Affairs

DECEMBER 1, 2021

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. and NSS 3.73

Libraries 347

Libraries Security CMS Communications 347

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. The team recommends users to stop using the vulnerable version of the library. which we released last week.

Libraries 358

Libraries Encryption Privacy IT 358

Security Affairs

JANUARY 30, 2024

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246. in August 2022.

Libraries 340

Libraries Access Security IT 340

Security Affairs

MAY 6, 2023

The FBI disrupted once again the illegal eBook library Z-Library the authorities seized several domains used by the service. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. The library is still reachable through TOR and I2P networks.

Libraries 246

Libraries Access Cybersecurity Security 246

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries 309

Libraries Security IT Access 309

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries 329

Libraries IT Security Information Security 329

Data Breach Today

MARCH 18, 2024

The Python Library Flaw Allows Directory Traversal Attacks Hackers who are possibly members of a criminal group affiliated with numerous ransomware-as-a-service operations are exploiting a directory traversal vulnerability in a Python library that allows unauthenticated remote attackers access to sensitive information from server files.

Libraries 289

Libraries Ransomware Access 289

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 364

Libraries IT Cloud Data breaches 364

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The root cause of the problem is a weakness in the Spreadsheet::ParseExcel third-party library. This library is used by the Amavis virus scanner that runs on Barracuda ESG appliances.

Libraries 331

Libraries IT Cybersecurity Risk 331

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. ” continues the advisory.

Libraries 309

Libraries IoT Security Cybersecurity 309

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Libraries 324

Libraries Passwords Access Security 324

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Libraries 246

Libraries Data collection Education Security 246

Security Affairs

MARCH 26, 2025

Mojo is Googles IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. The vulnerability is an incorrect handle provided in unspecified circumstances in Mojo on Windows. Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) reported the vulnerability on March 20, 2025.

Libraries 288

Libraries Communications Security IT 288

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries 245

Libraries File names Education Cybersecurity 245

CILIP

FEBRUARY 11, 2025

Libraries Week: Libraries Change Lives in June and Green Libraries Week in October SAVE THE DATES 2025: Libraries Change Lives will take place in June and Green Libraries Week in October. The new annual programme for campaigns is: Libraries Week: Libraries Change Lives , Monday 2 June Sunday 8 June 2025.

Libraries 74

Libraries Education IT 74

CILIP

JANUARY 31, 2025

Invitation to tender: Future ready libraries CILIP is inviting researchers to undertake a gap analysis and consultation with sector experts to create a comprehensive review of training provision for leadership in the public library workforce in England.

Libraries 79

Libraries Access Government 79

Security Affairs

MARCH 13, 2025

“GitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level.” This library is, however, used in other popular projects and products.” addressed the issue.

Authentication 166

Authentication Libraries Data breaches Security 166

Security Affairs

JANUARY 15, 2025

An attackers with root access can to add a custom file system bundle to /Library/Filesystems. Since an attacker that can run as root can drop a new file system bundle to/Library/Filesystems, they can later triggerstoragekitdto spawn custom binaries, hence bypassing SIP.” ” concludes Microsoft.

Libraries 277

Libraries Access Privacy IT 277

Security Affairs

OCTOBER 11, 2024

” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2

Archiving 299

Archiving Data breaches Passwords File names 299

Data Breach Today

APRIL 5, 2024

A Fake Software Library Made Up by a ChatBot Was Downloaded More Than 35,000 Times Generative artificial intelligence is good at sounding authoritative - even when it's making stuff up. Especially when developers use AI tools that hallucinate entire software libraries.

Artificial Intelligence 321

Artificial Intelligence Libraries IT 321

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. Despite these risks, Microsoft considers the issues low-risk and declined to fix them, stating that some apps need to allow unsigned libraries for plugin support.

Libraries 324

Libraries Risk Access Security 324

Collaboration 2.0

DECEMBER 22, 2024

Who is liable: the product maker, the library coder, or the company that chose the product? Our Part 2 analysis examines this sticky issue if a catastrophic outcome occurs.

Libraries 353

Libraries 353

Security Affairs

JANUARY 28, 2021

” The “preloading” technique allows the system to load a custom shared library before other system libraries are loaded. If the custom shared library exports a function with the same signature of a library that is located in the system libraries, the custom version will override it.

Libraries 352

Libraries IT Mining Security 352

Data Breach Today

OCTOBER 25, 2024

Hackers Backdoor Software Libraries to Deliver Malware Security researchers found backdoored software packages in the NPM software library, apparent evidence of an ongoing campaign by North Korean hackers to social engineer coders into installing infostealers. Pyongyang hackers have a history of bizarre methods for stealing money.

Libraries 299

Libraries Security 299

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm

Libraries 347

Libraries Authentication Access Risk 347

Security Affairs

JULY 7, 2022

“Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. “The shared object hooks functions from 3 libraries: libc, libcap and Pluggable Authentication Module (PAM). ” continues the experts.

Libraries 339

Libraries Cybersecurity Authentication Access 339

Security Affairs

JANUARY 20, 2025

Crooks used names typosquatting popular libraries, such as @async-mutex/mutex , dexscreener , solana-transaction-toolkit and solana-stable-web-huks. Socket researchers have identified multiple packages in the npm and Python Package Index (PyPI) repository designed to target Solana private keys and drain funds from victims’ wallets.

Libraries 252

Libraries Authentication IT Access 252

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries 363

Libraries Ransomware Access Security 363

Security Affairs

MARCH 18, 2021

Then he overwrote the native-libraries with a malicious library created to execute his code. The expert initially noticed that the code will be executed at the successive restart of the Application, so he attempted to find a way to reload the library without relaunching the application.

Libraries 347

Libraries Security Information Security IT 347

Collaboration 2.0

FEBRUARY 28, 2025

Here's how to convert ebook formats, giving you more control over your digital library. Think you're stuck using only Amazon's Kindle format? Think again.

Libraries 302

Libraries 302