Open source code continues its steady takeover of codebases, and organizations have made slight gains in eliminating out-of-date and vulnerable components.
Members of BlackMatter, and possibly REvil, have likely resurfaced in the new ransomware-as-a-service group ALPHV, whose primary tool is the BlackCat malware.
Like other software-reliant firms, the company raised its rewards to spur additional scrutiny by security researchers.
But "old habits are hard to break," with 48% of developers still shipping code with vulnerabilities.
Internet scan indicates hundreds of thousands of vulnerable installations, while data from the major Java repository suggests millions, firms say.
The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks.
A proof-of-concept exploit allows remote compromises of Spring Web applications.
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.
Companies have trouble retaining workers, with almost two-thirds of businesses reporting unfilled positions and massive unmet demand for technical cybersecurity professionals, study shows.
Attempting to catch up with CrowdStrike, Microsoft, and Trend Micro, the Helsinki-based endpoint-protection firm "de-merges" its consumer-security business to focus on businesses.