VulnHub

Real-time Cybersecurity News

Three-Quarters of Firms Knowingly Ship Vulnerable Code

Infosecurity Magazine

Overview

A recent report reveals that about 75% of companies knowingly distribute code containing vulnerabilities. This situation arises from the increasing reliance on third-party suppliers and unverified code, particularly in the context of artificial intelligence. Businesses often prioritize speed and efficiency over security, leading to potential risks in their supply chains. The findings raise significant concerns about the security of software products, as these vulnerabilities can be exploited by malicious actors. Companies must take a more proactive approach to vetting their suppliers and ensuring that the code they use is secure to protect themselves and their customers.

Key Takeaways

  • Action Required: Companies should implement stricter vetting processes for third-party code and conduct regular security audits.
  • Timeline: Disclosed on October 2023

Original Article Summary

AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers

Impact

Not specified

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Disclosed on October 2023

Remediation

Companies should implement stricter vetting processes for third-party code and conduct regular security audits.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Trump postpones executive order focused on AI security

CyberScoop

Former President Trump has decided to delay an executive order aimed at enhancing security measures surrounding artificial intelligence. The proposed order would have required federal agencies, including the NSA and the Treasury Department, to evaluate new AI models for potential cybersecurity and national security risks within a 90-day timeframe. This postponement raises concerns about the government's ability to address the growing complexities of AI technology in relation to security. As AI continues to evolve, the need for clear guidelines and assessments becomes increasingly urgent to protect sensitive data and national interests. The implications of this delay could impact how swiftly the government can adapt to emerging threats posed by advanced technologies.

May 21, 2026

Teenager from Odesa suspected of running infostealer malware operation

SCM feed for Latest

A teenager from Odesa is under investigation for allegedly operating an infostealer malware campaign from 2024 to 2025. The malware was designed to infect user devices, targeting browser sessions and stealing account credentials. This operation could have affected a significant number of users, as information-stealing malware is common and can lead to identity theft and financial loss. The case highlights ongoing cybersecurity challenges, particularly with young individuals engaging in malicious activities online. Authorities are taking this incident seriously, as it raises concerns about the growing trend of cybercrime among teenagers.

May 21, 2026

Attackers exploit SonicWall VPN vulnerability to bypass MFA

SCM feed for Latest

A newly discovered vulnerability, identified as CVE-2024-12802, affects SonicWall Gen6 SSL-VPN appliances. This security flaw allows attackers to bypass multi-factor authentication (MFA) by using a specific user principal name (UPN) login format. Organizations using these appliances could be at risk, as this vulnerability may enable unauthorized access to sensitive systems. Companies that rely on SonicWall for secure remote access should take immediate action to assess their exposure to this threat. Given the critical role of MFA in securing remote connections, this issue underscores the need for vigilance and prompt remediation.

May 21, 2026

CISA chief frets about open-source vulnerabilities, delayed security improvements

CyberScoop

Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), expressed concerns about the rising vulnerabilities in open-source software amidst a surge of malware attacks. These attacks are targeting publicly available technologies that developers often use for collaboration. Andersen emphasized that many organizations are delaying necessary security improvements, which puts them at greater risk. The reliance on open-source tools without adequate security measures can lead to significant breaches, affecting not only individual organizations but also the broader tech ecosystem. As more companies adopt open-source solutions, the need for stronger security practices becomes urgent.

May 21, 2026

Cybercriminal VPN Dismantled in Europol Crackdown

Infosecurity Magazine

Europol has successfully dismantled First VPN, a virtual private network service that was reportedly used by ransomware groups and online fraudsters. This operation aimed to disrupt the infrastructure that allowed cybercriminals to operate anonymously while committing various cybercrimes, including extortion and identity theft. By taking down this VPN, Europol has made it more challenging for these actors to hide their identities and conduct illicit activities. The operation is part of a broader effort to combat cybercrime across Europe, which has seen an increase in ransomware incidents and online fraud. This crackdown serves as a reminder of the ongoing battle against cybercriminals who exploit technology to evade law enforcement.

May 21, 2026

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

Infosecurity Magazine

A recent security incident has revealed that a threat actor compromised a developer associated with the Nx framework and then impersonated a legitimate maintainer to publish a malicious extension on the Visual Studio Marketplace. This extension, known as 'Nx Console', posed a significant risk to users of Visual Studio Code by potentially allowing attackers to execute harmful code on their systems. Developers who installed this extension may have inadvertently exposed their projects and sensitive data to exploitation. The incident raises concerns about the security of third-party extensions and the need for developers to be vigilant about the tools they use. Users are advised to review their installed extensions and ensure they have not inadvertently installed the malicious version.

May 21, 2026