Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more!
Numerous Android and Java apps leveraging abandoned open-source libraries, including all technologies based on Apache Maven, could be compromised through the novel MavenGate software supply chain attack technique, reports The Hacker News.
Supply chain attacks possible with TensorFlow CI/CD misconfigurations
TensorFlow instances on GitHub and PyPI could have been subjected to supply chain attacks involving the exploitation of continuous integration and continuous delivery vulnerabilities within the open-source machine learning framework, reports The Hacker News.
All GitHub keys that may have been compromised by an unsafe reflection vulnerability, tracked as CVE-2024-0200, could be leveraged to enable remote code execution.