Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.
Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint.
Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.
The Stop CSAM Act would compel companies to curb online child sexual abuse material, but critics argue it would also weaken encrypted services for all users.
More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.
The Chinese state-backed espionage group started targeting third-party IT services in late 2024, Microsoft researchers said.
The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says.
An amended complaint identifies a number of overseas individuals as key players “at the center of a global cybercrime network” that sold access to jailbroken generative AI tools.
Ian Leatherman | Zero Trust Strategist, Security Solutions Group | Microsoft
Troy Edgar told lawmakers that the Cyber Safety Review Board, which was investigating the Salt Typhoon hack, was “going in the wrong direction.”
