GitHub: private vulnerability reporting now generally available
The feature makes it easier for researchers and maintainers to report and fix vulnerabilities on public repositories.
This week GitHub announced that private vulnerability reporting is now generally available on all repositories belonging to an organization.
The new dedicated communications c...
Pwn2Own event yields 27 zero-days
Security researchers managed to discover as many as 27 zero-days in major enterprise software during the three days of the Pwn2Own Vancouver 2023 event. Zero-days were found in Windows 11, Ubuntu and macOS, among others, as well as in Oracle and VMware products and Tesla's firmware.
The various ...
Hackers attack security researchers via LinkedIn
North Korean state hackers are behind a new phishing campaign targeting security researchers.
This was discovered by researchers at Mandiant. According to the security provider, the North Korean hacker group UNC2970 has been conducting a campaign targeting security researchers since last June. With the ...
Vulnerability in Azure Cosmos DB allows for remote code execution
A vulnerability in Microsoft Azure Cosmos DB allowed unauthorized cybercriminals to remotely execute code in Jupyter Notebook.
Microsoft Azure Cosmos DB is a popular NoSQL database among retail and e-commerce organizations. Customers use the database for data processing and storage. The integra...
Google paid out $8.7 million to security researchers for vulnerability discovery and reports
Google reported that its Vulnerability Reward Program awarded $8.7 million in rewards for vulnerabilities found in 2021. Researchers donated $300,000 of the rewards to a charity of their choice, according to a blog post by Sarah Jacobus of the Vulnerability Rewards Team at Google.
Compared to 2020, the An...
North Korean hackers are now targeting security researchers
Google's Threat Analysis Group warned on Monday that North Korean threat groups have been targeting security researchers who work on vulnerability research and development in various organizations and companies.
The campaign involves threat actors who established a research blog and even created...