SecurityWeek reports that more than 100 security vulnerabilities affecting several Juniper Networks products have been patched as part of dozens of advisories issued by the firm last week.

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

Windows devices could be targeted with command injection attacks exploiting the maximum severity Rust standard library vulnerability, tracked as CVE-2024-24576, The Hacker News reports.

This month’s bumper crop of patches includes two Microsoft didn’t initially acknowledge were being exploited in the wild.

Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats.

Varonis researchers say until Microsoft issues a patch, companies should watch their SharePoint environments for unusual activity.

The critical SQL injection flaw was reported through Wordfence for a record $5,500 bug bounty.

Binarly has issued a free online tool that would facilitate scanning a newly discovered backdoor and maximum severity vulnerability in xz tools and libraries used by major Linux distributions, tracked as CVE-2024-3094, across Linux binaries amid significant security risks, according to Security Affairs.