TechRepublic

350,000 open source projects at risk from Python vulnerability

Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. Cybersecurity company Trellix announced Wednesday that a known Python vulnerability puts 350 ...
Bleeping Computer

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical ...
Dark Reading

Apache ERP Zero-Day Underscores Dangers of Incomplete Patches

Unknown groups have launched probes against a zero-day vulnerability identified in Apache's OfBiz enterprise resource planning (ERP) framework — an increasingly popular strategy of analyzing patches ...
Computer Weekly

Trellix automates patching for 62,000 vulnerable open source projects

Trellix and GitHub have collectively fixed a total of 61,895 open source projects that were found to be susceptible to a 15-year-old path traversal vulnerability in Python’s tarfile module. The firm’s ...
Computer Weekly

15-year-old Python bug present in 350,000 open source projects

A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain ...