Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances.
The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar.
"Security inside a local network is often
Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions.
"A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev TalerΒ said. "Malicious
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems.
GitHub CodespacesΒ is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code.
It also comes with a port
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique "could act as an entry point for an attack on many organizations," Aqua security researcher Ilay GoldmanΒ saidΒ in a report published last week.
VS Code extensions,
Login
FreshRSS