CVE-2022-1271 is a new vulnerability affecting gzip, a widely used open source component for archiving, compressing, and decompressing files. CVE-2022-1271, also tracked in the Black Duck KnowledgeBase™ as BDSA-2022-0958, is a bug in gzip, a file format and software application used for archiving, compressing, and decompressing files.

CVE-2022-24814 is a stored XSS vulnerability that can lead to account compromise in the admin application of Directus.

Using the Forrester assessment, you can measure the maturity of your AppSec program to help identify areas for improvement. Any organization that wants to secure its software should make maturity of its AppSec program its holy grail. Maturity means making security the first thought, not an afterthought. It means embedding security into software throughout the development life cycle, not trying to patch it at the last minute before production.

Mobile device management and mobile application management are critical to securing your organization’s data and IoT devices. According to recent research, the average household has 25 connected devices, an increase from 11 in 2019. This widespread adoption, along with a global pandemic, has changed the way we operate and communicate, both personally and professionally.

Two vulnerabilities affecting different Spring projects were identified this week. Here’s what you need to know about Spring4Shell and CVE-2022-22963. The Internet is buzzing with talk about two separate vulnerabilities related to different Spring projects. The two are not related, but have been confused because both vulnerabilities were disclosed at nearly the same time.