A command injection vulnerability has been identified in the widely used systeminformation npm package, potentially exposing millions of systems to remote code execution and privilege escalation attacks. The vulnerability, tracked as CVE-2024-56334, stems from inadequate sanitization of the Wi-Fi SSID field in the getWindowsIEEE8021x function. The flaw lets attackers inject malicious payloads that are then executed as operating system commands, which highlights the importance of secure coding practices. It affects versions ≤5.23.6, and a patch has been released in version 5.23.7.
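The flaw class described above, shown as an added example (not code from the systeminformation package): an SSID concatenated into a shell command string, next to a validated argument-array form. The helper names, the netsh invocation and the sample SSIDs are assumptions constructed for illustration.

```javascript
'use strict';

// Hypothetical helpers. The netsh invocation is an assumed stand-in for a
// Wi-Fi profile lookup, not the package's actual command.

// Vulnerable pattern: the SSID is pasted into a string that a shell parses,
// so quote and separator characters in the SSID become shell syntax.
function buildShellCommandUnsafe(ssid) {
  return 'netsh wlan show profiles "' + ssid + '"';
}

// Characters that cmd.exe or PowerShell treat as syntax rather than data.
const SHELL_META = /["'`&|<>^%;$(){}\r\n\0]/;

// An SSID is at most 32 octets (IEEE 802.11). Reject anything longer or
// containing shell metacharacters instead of trying to escape it.
function isSafeSsid(ssid) {
  return typeof ssid === 'string' &&
    ssid.length > 0 &&
    Buffer.byteLength(ssid, 'utf8') <= 32 &&
    !SHELL_META.test(ssid);
}

// Hardened pattern: validate, then return a program plus an argument array
// suitable for child_process.execFile(file, args), which starts the program
// directly and never hands the SSID to a shell parser.
function buildExecFileCall(ssid) {
  if (!isSafeSsid(ssid)) return null;
  return { file: 'netsh', args: ['wlan', 'show', 'profiles', 'name=' + ssid] };
}

// Constructed sample inputs: one ordinary SSID, one carrying a command separator.
const SAMPLES = ['HomeNet-5G', 'cafe" & echo INJECTED & "'];

function demo() {
  return SAMPLES.map((ssid) => ({
    ssid,
    unsafe: buildShellCommandUnsafe(ssid),
    safe: buildExecFileCall(ssid),
  }));
}

// Nothing is executed here; the output only shows what each form would run.
console.log(JSON.stringify(demo(), null, 2));
```

In the unsafe string the second sample closes the quote early and leaves a separate echo command for the shell, while the hardened builder returns null for it.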
