Sixty vulnerabilities were patched in the latest version of file transfer utility Rsync, including two allowing malicious code execution on servers. Clients only need anonymous read-access for exploitation. Hackers could also control a server to read/write files from any connected client, potentially extracting sensitive data. All issues affect Rsync versions prior to v3.4.0. Users are urged to implement the fixes, and updated Rsync packages have been released for Ubuntu and Debian.

Sonatype reports rise in open source malware to 17,954
The 1Q 2025 Open Source Malware Index from Sonatype revealed that open source malware packages doubled compared to the same period last year, with 56%