Security Affairs

DECEMBER 27, 2021

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures.

Libraries 363

Libraries Honeypots Security IT 363

Security Affairs

DECEMBER 1, 2021

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. and NSS 3.73

Libraries 352

Libraries Security CMS Communications 352

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. The team recommends users to stop using the vulnerable version of the library. which we released last week.

Libraries 361

Libraries Encryption Privacy IT 361

Security Affairs

JANUARY 30, 2024

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246. in August 2022.

Libraries 346

Libraries Access Security IT 346

Security Affairs

MAY 6, 2023

The FBI disrupted once again the illegal eBook library Z-Library the authorities seized several domains used by the service. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. The library is still reachable through TOR and I2P networks.

Libraries 246

Libraries Access Cybersecurity Security 246

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries 316

Libraries Security IT Access 316

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries 336

Libraries IT Security Information Security 336

Data Breach Today

MARCH 18, 2024

The Python Library Flaw Allows Directory Traversal Attacks Hackers who are possibly members of a criminal group affiliated with numerous ransomware-as-a-service operations are exploiting a directory traversal vulnerability in a Python library that allows unauthenticated remote attackers access to sensitive information from server files.

Libraries 289

Libraries Ransomware Access 289

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The root cause of the problem is a weakness in the Spreadsheet::ParseExcel third-party library. This library is used by the Amavis virus scanner that runs on Barracuda ESG appliances.

Libraries 338

Libraries IT Cybersecurity Risk 338

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 364

Libraries IT Cloud Data breaches 364

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. ” continues the advisory.

Libraries 317

Libraries IoT Security Cybersecurity 317

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. The post npm libraries coa and rc. while compromised rc versions are 1.2.9,

Libraries 331

Libraries Passwords Access Security 331

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Libraries 246

Libraries Data collection Education Security 246

Security Affairs

MARCH 26, 2025

Mojo is Googles IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. The vulnerability is an incorrect handle provided in unspecified circumstances in Mojo on Windows. Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) reported the vulnerability on March 20, 2025.

Libraries 292

Libraries Communications Security IT 292

CILIP

FEBRUARY 11, 2025

Libraries Week: Libraries Change Lives in June and Green Libraries Week in October SAVE THE DATES 2025: Libraries Change Lives will take place in June and Green Libraries Week in October. The new annual programme for campaigns is: Libraries Week: Libraries Change Lives , Monday 2 June Sunday 8 June 2025.

Libraries 74

Libraries Education IT 74

CILIP

JANUARY 31, 2025

Invitation to tender: Future ready libraries CILIP is inviting researchers to undertake a gap analysis and consultation with sector experts to create a comprehensive review of training provision for leadership in the public library workforce in England.

Libraries 79

Libraries Access Government 79

Security Affairs

OCTOBER 11, 2024

” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2

Archiving 306

Archiving Data breaches Passwords File names 306

Security Affairs

MARCH 13, 2025

“GitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level.” This library is, however, used in other popular projects and products.” addressed the issue.

Authentication 172

Authentication Libraries Data breaches Security 172

Security Affairs

JANUARY 15, 2025

An attackers with root access can to add a custom file system bundle to /Library/Filesystems. Since an attacker that can run as root can drop a new file system bundle to/Library/Filesystems, they can later triggerstoragekitdto spawn custom binaries, hence bypassing SIP.” ” concludes Microsoft.

Libraries 271

Libraries Access Privacy IT 271

Security Affairs

APRIL 17, 2025

The APT employs DLL sideloading by packaging malicious libraries with vulnerable executables, enabling stealthy execution of payloads and evasion of detection. The experts analyzed three distinct variants of the ToneShell backdoor, each utilizing DLL sideloading to execute malicious payloads.

IT 272

IT Archiving Encryption Communications 272

Collaboration 2.0

APRIL 17, 2025

This dual-feature docking station/external storage drive is a great way to expand your storage and increase connectivity at the same time.

Libraries 261

Libraries 261

Security Affairs

APRIL 15, 2025

In early April, experts warned of another critical vulnerability impacting Apache Parquets Java Library. Apache Parquets Java Library is a software library for reading and writing Parquet files in the Java programming language. The researcher Haining Meng reported the vulnerability.

Passwords 134

Passwords Access Libraries Big data 134

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. Despite these risks, Microsoft considers the issues low-risk and declined to fix them, stating that some apps need to allow unsigned libraries for plugin support.

Libraries 331

Libraries Risk Access Security 331

Collaboration 2.0

DECEMBER 22, 2024

Who is liable: the product maker, the library coder, or the company that chose the product? Our Part 2 analysis examines this sticky issue if a catastrophic outcome occurs.

Libraries 353

Libraries 353

Security Affairs

JANUARY 28, 2021

” The “preloading” technique allows the system to load a custom shared library before other system libraries are loaded. If the custom shared library exports a function with the same signature of a library that is located in the system libraries, the custom version will override it.

Libraries 356

Libraries IT Mining Security 356

Data Breach Today

OCTOBER 25, 2024

Hackers Backdoor Software Libraries to Deliver Malware Security researchers found backdoored software packages in the NPM software library, apparent evidence of an ongoing campaign by North Korean hackers to social engineer coders into installing infostealers. Pyongyang hackers have a history of bizarre methods for stealing money.

Libraries 299

Libraries Security 299

Security Affairs

JULY 7, 2022

“Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. “The shared object hooks functions from 3 libraries: libc, libcap and Pluggable Authentication Module (PAM). ” continues the experts.

Libraries 345

Libraries Cybersecurity Authentication Access 345

Data Breach Today

APRIL 5, 2024

A Fake Software Library Made Up by a ChatBot Was Downloaded More Than 35,000 Times Generative artificial intelligence is good at sounding authoritative - even when it's making stuff up. Especially when developers use AI tools that hallucinate entire software libraries.

Artificial Intelligence 321

Artificial Intelligence Libraries IT 321

Security Affairs

MARCH 18, 2021

Then he overwrote the native-libraries with a malicious library created to execute his code. The expert initially noticed that the code will be executed at the successive restart of the Application, so he attempted to find a way to reload the library without relaunching the application.

Libraries 352

Libraries Security Information Security IT 352

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries 363

Libraries Ransomware Access Security 363