A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine.
“A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” GitHub said in an advisory published on September 28, 2022.
The
Related Post
- September 16, 2024
Legacy Ivanti Cloud Service Appliance Being Exploited
CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer
- September 16, 2024
Apple Drops Spyware Case Against NSO Group, Citing
Apple has filed a motion to “voluntarily” dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk
- September 16, 2024
Cybercriminals Exploit HTTP Headers for Credential Theft via
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login
- September 14, 2024
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in