Newly disclosed vulnerability in PHP package repository highlights growing software supply chain risks
Key takeaway: Attackers are increasingly trying to infiltrate software development environments via malicious and poisoned packages on public code repositories. Robust SBOM and SCA practices are key to mitigating the threat [289 words] What: Researchers at SonarSource have disclosed a new vulnerability (CVE-2022-24828) in PHP package repository Packagist that gives attackers a way to execute […]
Read MoreAttackers Demonstrate Novel Way to Compromise EXSi Hypervisors
Key takeaway: Don’t allow vSphere Installation Bundles (VIBs) to become a vehicle for sneaking malware into your environment. (276 words) What happened: A China-based threat actor installed multiple backdoors on ESXi hypervisors at several organizations using malicious vSphere Installation Bundles. The backdoors enable a lot of bad things including persistent access, arbitrary command execution and […]
Read More