Tag: compromise

security

​​Supply Chain Compromise Impacts Axios Node Package Manager​

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments.  On March 31, 2026, two npm packages for versions axios@1.14.1 […]

Mehr lesen →
security

SANS Stormcast Friday, April 17th, 2026: DVRs Again; Cisco Again; Windows Defender Again; Sonatype

Compromised DVRs and Finding Them in the Wild https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Compromised%20DVRs%20and%20Finding%20Them%20in%20the%20Wild/32886 Cisco ISE RCE Vulnerability and WebEx Auth Bypass CVE-2026-20184 CVE-2026-20180 CVE-2026-20186 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL Windows Defender 0-Day (RedSun) https://github.com/Nightmare-Eclipse/RedSun Sonatype Vulnerability CVE-2026-5189 https://support.sonatype.com/hc/en-us/articles/50817138825491-CVE-2026-5189-Nexus-Repository-3-Hardcoded-Credential-in-Internal-Database-Component-2026-04-15

Mehr lesen →
security

SANS Stormcast Tuesday, April 14th, 2026: EncystPHP Webshell; CPUID Compromise; OpenAI Mac Cert Issue; Axios Vulnerability

Scans for EncystPHP Webshell https://isc.sans.edu/diary/Scans%20for%20EncystPHP%20Webshell/32892 CPUID Compromise https://securelist.com/tr/cpu-z/119365/ https://x.com/d0cTB/status/2042520961824559150 OpenAI Mac Application Update due to Axios Compromise https://openai.com/index/axios-developer-tool-compromise/ Axios Vulnerability CVE-2026-40175 https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

Mehr lesen →