One of two packages deemed to warrant further investigation purported to be the GitHub ‘cli’ repository that is widely used for building CLI (command-line interface) Go projects.

An unsecured server belonging to Polecat, a data analytics company, exposed an estimated 30 terabytes of business records online, resulting in the firm being held to ransom.

A novel alternative to traditional HTTP request smuggling that spotlighted an obsolete, hitherto obscure protocol has been recognized as 2020’s top web hacking technique.

Security researchers at Detectify have discovered a series of middleware misconfigurations in Nginx config files from GitHub that could leave web applications vulnerable to attack.

The maintainers of systeminformation, a Node.js package used for getting hardware, system, and OS information, have patched a bug that left applications vulnerable to command injection attacks.

Cashalo, which offers cash loans and other financial services in the Philippines, confirmed that “illegal access” of a database has resulted in the leak of some personally identifiable information.

Over 600 enterprises, universities, and government agencies may have inadvertently exposed their login credentials – many with administrator privileges – due to a vulnerability in ServiceNow.

Critical zero-day vulnerabilities in Gaper, an ‘age gap’ dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim.

In a breach notification statement, Hoffman said that as soon as it discovered the problem it “disabled the affected systems, took steps to secure our network, and began an investigation”.

The highest threat to systems running affected versions of SQLite, a C-language library that implements an SQL database engine, is to system availability, according to a Red Hat Bugzilla thread.