Security news.
Today's security brief highlights critical supply chain attacks, with a compromised npm package delivering an infostealer and malicious crypto wallet packages pushed via GitHub. Additionally, several critical vulnerabilities in widely used software like Zimbra and U-Boot have been disclosed, alongside a warning about active exploitation campaigns targeting vulnerable CMS platforms.
Compromised jscrambler npm Package Drops Rust Infostealer
The jscrambler 8.14.0 npm package was compromised, executing a Rust infostealer on installation for Windows, macOS, and Linux users.
Critical Zimbra Flaw Allows Malicious Code Execution
Zimbra has urged customers to update their Classic Web Client to address a critical stored cross-site scripting (XSS) vulnerability that could allow crafted emails to execute malicious code in user sessions.
RedHook Android Malware Abuses Wireless ADB
A new variant of the RedHook Android malware is exploiting the Android Wireless Debugging (Wireless ADB) mechanism to gain shell-level privileges on devices without needing a physical connection.
Australia Warns of Global CMS Exploitation Campaign
The ACSC has issued an alert regarding an active global campaign exploiting vulnerabilities in various Content Management Systems (CMS) and their plugins.
New U-Boot Flaws Enable Stealthy Firmware Attacks
Six vulnerabilities were found in the widely used U-Boot bootloader, allowing attackers to execute malicious code during device boot, potentially compromising security and installing persistent malware.
Injective Labs GitHub Compromise Pushes Malicious npm Packages
Threat actors compromised the Injective Labs SDK project's GitHub, pushing a malicious npm package (@injectivelabs/[email protected]) designed to steal cryptocurrency wallet private keys and mnemonic seed phrases.
Hackers Exploit Critical Auth Bypass in Gitea Docker Image
A critical vulnerability in the official Gitea Docker image is being actively exploited by hackers to impersonate any user, including administrators.
Progress Urges ShareFile Admins to Shut Down Servers Over Credible Threat
Progress Software has advised ShareFile customers using Storage Zone Controllers to immediately shut down their servers due to a "credible external security threat" targeting the on-premises software.