The new Alpha-Omega Project from the Open Source Security Foundation will offer technical and financial assistance to open source maintainers to help them find and fix security flaws.
Microsoft researchers observed attackers exploiting the Log4Shell bug in the SolarWinds Serv-U software.
White House officials and leaders from Apple, Google, GitHub, and other companies met to discuss ways to improve the security of open source projects critical to national security.
The Iran-linked threat actor is exploiting the infamous Log4j bug in order to execute a new PowerShell data exfiltration toolkit.
Threat actors known as DEV-0401 based in China are exploiting the Log4Shell vulnerability to deploy the NightSky ransomware.