The web development community was affected by a supply chain attack on the popular Polyfill.io JavaScript library last week. Polyfill.js supports modern tools on older web browsers for cross-compatibility. In February 2024, the Polyfill.io domain and GitHub account were acquired by Funnull, a Chinese CDN company. This raised concerns about …

Apache Software Foundation released Apache HTTP Server version 2.4.61 to fix a serious source code disclosure vulnerability (CVE-2024-39884). This flaw could expose sensitive server information to malicious actors. The CVE-2024-39884 vulnerability is caused by a problem in how old content-type configurations are managed. The “AddType” directive and similar settings, when …

Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings. There are two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, that can be used by attackers without authentication. They can use these vulnerabilities for remote code execution (RCE) and denial-of-service (DoS) attacks. The …