Security Architecture

North Korean state-sponsored hacking operation Lazarus has been targeting VMware Horizon servers in malware attacks exploiting the Log4Shell remote code execution flaw, tracked as CVE-2021-44228, reports BleepingComputer.

Google has introduced the new Assured Open Source Software service, which offers access to Google developers' secure packages for enterprise open-source software users in an effort to strengthen software supply chain security, reports ZDNet.

BleepingComputer reports that malicious actors could exploit a critical vulnerability within the Jupiter Theme and JupiterX Core plugins for WordPress to facilitate privilege escalation.

Threat actors have launched a novel SQL server hacking campaign leveraging the built-in utility "sqlps.exe" to facilitate brute-force attacks and SuspSQLUsage malware deployment, The Hacker News reports.

Threat actors have been launching millions of attacks exploiting a remote code execution flaw in the Tatsu Builder plugin for WordPress, with up to half of the nearly 100,000 websites leveraging the plugin still at risk of attacks, according to BleepingComputer.

The Cybersecurity and Infrastructure Security Agency has temporarily omitted the Windows Local Security Authority Spoofing flaw, tracked as CVE-2022-26925, from its Known Exploited Vulnerability Catalog following a problematic fix issued by Microsoft, reports ZDNet.

BleepingComputer reports that nearly 3% of 2.8 million pages included in the 100,000 top ranking websites worldwide have been found to leak information entered in site forms including usernames, email addresses, passwords, and personal identifiers to third-party trackers prior to submission.