实战|从CVE-2024-21626看Docker容器逃逸——runc文件描述符泄漏的四种攻击变体
一个fd没关,就能从容器逃到宿主机。CVE-2024-21626(CVSS 8.6)的完整技术复盘,四种攻击变体逐个复现,附红蓝评分和生产级防御方案。
Four AsyncAPI packages previously affected by the Shai-Hulud: The Second Coming campaign have been compromised again, with new malicious releases delivering a RAT-focused build of the Miasma worm. The impacted versions are @asyncapi/generator 3.3.13.3.13.3.1, @asyncapi/generator-components 0.7.10.7.10.7.1, @asyncapi/generator-helpers 1.1.11.1.11.1.1, and @asyncapi/specs 6.11.26.11.26.11.2 and 6.11.2−alpha.16.11.2-alpha.16.11.2−alpha.1. Unlike the prior Miasma activity, the AsyncAPI packages do not use malicious […]
The post Miasma Worm Returns as RAT-First npm Attack With Automatic Propagation Disabled appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.