Distroless Builds Are Now SLSA 2
Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team A few months ago we announced that we started signing all distroless images with cosign, which allows users…
This cryptocurrency miner is exploiting the new Confluence remote code execution bug
It didn’t take long for CVE-2021-26084 to be added to exploit kits. Read more from the Source
Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a…
Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners
On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin installed on over 1,000,000…