[HackerNews] Unpatched Supply-Chain Flaw Affects ‘Pling Store’ Platforms for Linux Users

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply chain attacks and achieve remote code execution (RCE).
“Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for

Source: Read More (The Hacker News)

You might be interested in …

[HackerNews] How Extended Security Posture Management Optimizes Your Security Stack

All posts, HackerNews

As a CISO, one of the most challenging questions to answer is “How well are we protected right now?” Between the acceleration of hackers’ offensive capabilities and the dynamic nature of information networks, a drift in the security posture is unavoidable and needs to be continuously compensated. Therefore, answering that question implies continuously validating the […]

Read More

Daily NCSC-FI news followup 2021-11-10

Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064 www.randori.com/blog/cve-2021-3064/ On November 10, 2021 Palo Alto Networks (PAN) provided an update that patched CVE-2021-3064 which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls using the GlobalProtect Portal VPN and allows for unauthenticated remote code execution on vulnerable installations of the product. The issue […]

Read More

[SecurityWeek] 14 New Vulnerabilities Discovered in BusyBox

All posts, Security Week

Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new vulnerabilities in BusyBox, and on Tuesday they detailed some of their findings. read more Source: Read More (SecurityWeek RSS Feed)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.