According to Hanley, all four flaws can be exploited by an unauthenticated attacker and can be abused "to coerce the Ivanti [Endpoint Manager] machine account credential to be used in relay attacks, ...

OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server.

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks.