OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks

2022-07-06 - The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on

Source:, Ravie Lakshmanan

Bitter APT Hackers Continue to Target Bangladesh Military Entities

2022-07-06 - Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans," cybersecurity firm SECUINFRA said in a new write-up published on July 5. The findings from the

Source:, Ravie Lakshmanan

The End of False Positives for Web and API Security Scanning?

2022-07-06 - July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps.  Today, ImmuniWeb

Source:, The Hacker News

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web

2022-07-06 - Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks 

Source:, Ravie Lakshmanan

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

2022-07-06 - A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest

Source:, Ravie Lakshmanan

Ett stort företag börjar från små.
Grundades 2015
let's talk about your project

Innehållet i detta e-postmeddelande är konfidentiellt och avsett endast för den mottagare som anges i meddelandet.