Developer Tech

Log4j downloads shows supply chain wake-up call ignored

Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn't the wake-up call it should have been.

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
Infosecurity Magazine

Log4Shell Downloaded 40 Million Times in 2025

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug ...
Security Boulevard

Microsoft Expands its Bug Bounty Program to Include Third-Party Code

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover ...
Techzine Europe

Is React2Shell the new Log4Shell?

React Server Components contains a vulnerability that can be exploited on a large scale. To what extent is it similar to the ...
NorthJersey.com

When is the next full moon? Cold supermoon 2025 will rise amid longest nights of the year

The next full moon will be the December 'cold moon' of 2025 — set to rise amid the longest nights of the year as a special, large, bright supermoon that will shine for days and give way to the ...
NPR

That's What They Say

Funner, snuck, and LOL are all things that we're hearing people say these days.That's What They Say is a weekly segment on Michigan Public that explores our changing language. University of Michigan ...