The Frag ransomware is exploiting a critical flaw in Veeam Backup & Replication software known as CVE-2024-40711 to deploy malware, according to cybersecurity researchers at Sophos. Despite Veeam having released fixes for multiple vulnerabilities in September 2024, attacker are still using compromised VPN gateways to access systems and exploit this flaw. STAC 5881, a cyber threat actor, has been identified as exploiting this vulnerability to deploy Frag ransomware on compromised networks.
Packagist Warns: Update Composer Now After GitHub Actions Token Leak
A sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD logs and forcing Packagist
