zend framework | Breaking Cybersecurity News | The Hacker News

It's time to update your Drupal websites. Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites. The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation component , which is being used in Drupal Core and affects Drupal 8.x versions before 8.5.6. Since Symfony—a web application framework with a set of PHP components—is being used by a lot of projects, the vulnerability could potentially put many web applications at risk of hacking. Symfony Component Vulnerability According to an advisory released by Symfony, the security bypass vulnerability originates due to Symfony's support for legacy and risky HTTP headers. "Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rew

A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Disclosed by Polish security researcher Dawid Golunski of Legal Hackers, the issue ( CVE-2016-10033 ) in PHPMailer used by more than 9 Million users worldwide was thought to be fixed with the release of version 5.2.18. However, Golunski managed to bypass the patched version of PHPMailer that was given a new CVE ( CVE-2016-10045 ), which once again put millions of websites and popular open source web apps, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, at risk of remote code execution attack. PHPMailer eventually fixed the issue with an update, version 5.2.20 . All versions of PHPMailer before this critical release are affected, so web administrators and developers are strongly recommended to update to t

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo