Sam Stepanyan :verified: 🐘
https://twitter.com/securestep9
#OWASP London Chapter Leader (@OWASPLondon). Application Security (#AppSec) Architect & Consultant. OWASP Global Board Member. OWASP Nettacker Project co-leader. #CISSP
#Linux: #DjVuLibre vulnerability CVE-2025-53367 could be exploited to gain code execution on a Linux Desktop system when the user tries to open a crafted PDF document. The POC works on a fully up-to-date Ubuntu 25.04 (x86_64):
👇
#Cybersecurity researchers said they have discovered what they say is the first #opensource software supply chain attacks specifically targeting the banking sector. The attacker cleverly utilized #npm packages & Azure's CDN subdomains:
#SupplyChainSecurity
https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html