Cybersecurity firm Trellix has submitted patches to more than 61,000 open-source projects affected by a 15-year-old path-traversal bug in Python's tarfile module. The flaw was reportedly present in around 350,000 open-source projects and potentially in many closed-source ones as well. Trellix and GitHub used an automated tool to push the fixes to the repositories that contained the vulnerable code. The bug lets a crafted archive overwrite arbitrary files: tarfile's extraction routines do not sanitize member paths, so an entry whose name contains ".." sequences or an absolute path is written outside the intended destination directory. Because the victim has to extract the attacker's archive, the flaw is described as exploitable by "user-assisted remote attackers". Recent discussions suggest the vulnerability may soon be addressed in Python itself.
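As an added illustration, not code from the report or from Trellix, the following Python builds a constructed archive that abuses the tarfile traversal (a "../" member and a symlink pointing above the destination) and shows the path check a hardened extractor runs before calling extractall. The directory layout and member names are made up for the demonstration.

```python
import io
import os
import tarfile
import tempfile


def build_tar(files, symlinks=()):
    """Construct an in-memory tar archive for testing (constructed data, not a real sample).

    files:    {member_name: bytes}
    symlinks: iterable of (member_name, link_target)
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, linkname in symlinks:
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = linkname
            tar.addfile(info)
    buf.seek(0)
    return buf


def is_within_directory(directory, target):
    """True if target resolves to directory itself or something beneath it."""
    abs_dir = os.path.abspath(directory)
    abs_target = os.path.abspath(target)
    return os.path.commonpath([abs_dir, abs_target]) == abs_dir


def unsafe_members(tar, dest):
    """Names of members that would land (or link) outside dest.

    This is the check tarfile historically did not perform: member names are
    joined to dest as-is, so ".." components and absolute names escape it.
    """
    bad = []
    for member in tar.getmembers():
        target = os.path.join(dest, member.name)
        if not is_within_directory(dest, target):
            bad.append(member.name)
            continue
        if member.issym():
            # symlink targets are relative to the directory holding the link
            link_target = os.path.join(os.path.dirname(target), member.linkname)
        elif member.islnk():
            # hard link targets are relative to the archive root
            link_target = os.path.join(dest, member.linkname)
        else:
            continue
        if not is_within_directory(dest, link_target):
            bad.append(member.name)
    return bad


def safe_extractall(tar, dest):
    """Refuse the whole archive if any member escapes dest, then extract."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract: members escape {dest}: {bad}")
    # Newer Pythons ship built-in extraction filters; use the strict one when present.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(dest, **kwargs)


def demo():
    """Extract a benign archive, then reject a malicious one.

    Returns (extracted_paths, flagged_members, malicious_was_rejected).
    """
    with tempfile.TemporaryDirectory() as dest:
        benign = tarfile.open(fileobj=build_tar({"docs/readme.txt": b"hello"}), mode="r")
        safe_extractall(benign, dest)
        extracted = sorted(
            os.path.relpath(os.path.join(root, f), dest).replace(os.sep, "/")
            for root, _, names in os.walk(dest)
            for f in names
        )
        # Constructed attacker archive: a traversal member and an escaping symlink.
        malicious = tarfile.open(
            fileobj=build_tar({"../escape.txt": b"pwned"}, [("cfg/link", "../../etc/passwd")]),
            mode="r",
        )
        flagged = unsafe_members(malicious, dest)
        try:
            safe_extractall(malicious, dest)
            rejected = False
        except ValueError:
            rejected = True
    return extracted, flagged, rejected


if __name__ == "__main__":
    print(demo())
```

The check is pure path arithmetic, so it can be applied to any archive before a single byte is written; an archive with even one escaping member should be rejected outright rather than extracted with the bad entries skipped, since the remaining members were chosen by the same attacker.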
China-linked cyberespionage group PlushDaemon used a South Korean VPN service to spread malware
A China-linked cyberespionage group known as PlushDaemon has reportedly exploited the VPN service of South Korean provider IPany to spread malware and spy on users.