code
-
Blog
CISA flags Craft CMS code injection flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used for building websites…
Read More » -
Blog
Apiiro unveils free scanner to detect malicious code merges
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two tools consist of a comprehensive ruleset for Semgrep and Opengrep designed to detect malicious code patterns with minimal false positives and PRevent, a GitHub-integrated scanner, that detects and alerts on…
Read More » -
Blog
Flaws in a popular dev library could let hackers run malicious code in your MongoDB database
A researcher has uncovered two related vulnerabilities in a popular developer library used to connect applications and MongoDB that could allow hackers to sneak into your database. Mongoose is an object data modeling (ODM) library for MongDB that connects it to the Node.js runtime environment, essentially simplifying interactions between applications and MongoDB databases The flaws were discovered by Dat Phung,…
Read More » -
Blog
Valve Releases Team Fortress 2 Code, Promises to Update Old Games
Valve’s latest Source SDK update contains the full client and server code for TF2. The company has also confirmed that classic Source Engine titles will soon gain 64-bit binary support. Let’s start with the Team Fortress 2 news, as that’s more prescient than the 64-bit thing. Developers can now access the TF2 game source code for free through the Source…
Read More » -
Blog
Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat actors behind the device code…
Read More » -
Blog
whoAMI attacks give hackers code execution on Amazon EC2 instances
Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. Dubbed “whoAMI,” the attack was crafted by DataDog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how software projects retrieve…
Read More » -
Blog
How to scan a QR code on Android (5 ways)
QR codes are everywhere, and scanning them on Android is easier than you might think. Most modern Android devices, including Samsung Galaxy smartphones, have built-in QR scanners in the camera app, so you don’t need a separate app. Simply point your camera at the code, and it should work instantly. If your phone doesn’t scan it, that could happen because…
Read More » -
Blog
Data Centres Can Cut Energy Use By Up To 30% With Just About 30 Lines of Code, Research Shows
Research has found that data centres can reduce their energy usage by up to 30% simply by altering around 30 lines of code in the Linux kernel’s network stack. Scientists from the University of Waterloo in Canada identified inefficiencies in the way servers process incoming network traffic. The breakthrough comes from interrupt request suspension, a technique that optimises CPU power…
Read More » -
Blog
What is Quishing? How To Protect Yourself From QR Code Phishing
Summary Quishing is a digital threat where malicious URLs are embedded in QR codes to steal your information or infect devices. QR codes used for parking meters, restaurant payments, and promotions are being tampered with. To protect yourself, use default QR scanners, verify URLs, avoid unknown payment links, and enable browser privacy settings. QR codes are everywhere now: from restaurant…
Read More » -
Blog
Scientists say they can cut data center energy consumption by changing just a few lines of code
Data center energy consumption could be cut by up to 30% simply by changing a few lines of code, according to new research. Most data centers around the world use the open source operating system Linux, and researchers from Canada’s University of Waterloo said this can create efficient data flows, thereby causing energy consumption to increase. “Information arrives at data…
Read More »