The Apache Software Foundation (ASF) has addressed a vulnerability in Kafka Connect that could enable remote code execution (RCE) attacks. The flaw was spotted by bug bounty hunter Jari Jääskelä, who received a $5,000 reward. To exploit the vulnerability, an attacker would need access to a Kafka Connect worker and be able to create or modify worker connectors. More than 80% of Fortune 100 firms use the Kafka platform.

Hackers are selling counterfeit phones with crypto-stealing malware
Kaspersky has identified thousands of low-cost Android smartphones sold online that come with preinstalled malware programmed to steal cryptocurrency details. The devices are infected with