A command injection vulnerability has been identified in the widely used systeminformation npm package, potentially exposing millions of systems to remote code execution and privilege escalation attacks. The vulnerability, tracked as CVE-2024-56334, is caused by inadequate sanitization of the Wi-Fi SSID field in the getWindowsIEEE8021x function. The flaw lets attackers inject payloads that are then executed as operating system commands, which underlines the importance of secure coding practices. It affects versions ≤5.23.6, and a patch has been released in version 5.23.7.
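The bug class described above, shown as an added example that is not code from systeminformation: an SSID interpolated into a shell command string beside a validated, shell-free argument list, plus a check for the affected version range. The function names, the exact netsh command line and the sample SSIDs are assumptions made for illustration.

```javascript
// Constructed illustration; not the package's own code.
// Hypothetical names: buildCommandUnsafe, safeSpawnSpec, isAffected.

// Vulnerable pattern: an SSID received over the air is interpolated into a
// string that cmd.exe will parse, so metacharacters in it become syntax.
function buildCommandUnsafe(ssid) {
  return `netsh wlan show profiles "${ssid}" | findstr "802.1X"`;
}

// Hardened pattern: validate first, then return a program + argv pair meant
// for child_process.execFile(file, args) with no shell; filter output in JS.
function safeSpawnSpec(ssid) {
  if (typeof ssid !== 'string') throw new TypeError('SSID must be a string');
  const bytes = new TextEncoder().encode(ssid).length;
  if (bytes === 0 || bytes > 32) throw new RangeError('SSID must be 1-32 bytes');
  // Reject control characters and characters a shell treats as syntax.
  if (/[\x00-\x1f\x7f"&|<>^%!`$;()]/.test(ssid)) {
    throw new Error('SSID contains disallowed characters');
  }
  return { file: 'netsh', args: ['wlan', 'show', 'profiles', `name=${ssid}`] };
}

// Versions <= 5.23.6 are affected; 5.23.7 carries the patch.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  const v = m.slice(1).map(Number);
  const fixed = [5, 23, 7];
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false; // exactly 5.23.7
}

// Constructed sample SSIDs: one ordinary, one carrying shell metacharacters.
const SAMPLE_OK = 'Office-WiFi 5G';
const SAMPLE_HOSTILE = 'a" & echo INJECTED & "';
```

The validation rejects some SSIDs that are legal on the air, so a caller should treat a thrown error as "skip this network" rather than retrying through a shell.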