Text4Shell flaw undergoing reanalysis

NIST says CVE-2022-42889 in Apache Commons Text has been modified [300 words] What: NIST has updated its entry in the National Vulnerability Database pertaining to the Text4Shell vulnerability in Apache Commons Text (CVE-2022-42889). According to it, the vulnerability is undergoing reanalysis—something that happens when new details emerge about a flaw or when there’s reason to […]

Read More
Emerging Threats Supply Chain Vulnerabilities

Newly disclosed vulnerability in PHP package repository highlights growing software supply chain risks

Key takeaway: Attackers are increasingly trying to infiltrate software development environments via malicious and poisoned packages on public code repositories. Robust SBOM and SCA practices are key to mitigating the threat [289 words] What: Researchers at SonarSource have disclosed a new vulnerability (CVE-2022-24828) in PHP package repository Packagist that gives attackers a way to execute […]

Read More