Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

June 3, 2025

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Socket’s Threat Research Team has uncovered a targeted supply chain attack leveraging malicious RubyGems impersonating Fastlane plugins. The attackers exploited heightened demand for Telegram workarou …

Published Date:
Jun 04, 2025 (3 hours, 13 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-22794

CVE-2021-33621

Source: Read More

Previous ArticleCritical CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

Next Article CodeSOD: Anything and Everything

Highlights

CVE-2025-4592 – WordPress Free AI Image Generator CSRF Vulnerability

June 14, 2025

CVE ID : CVE-2025-4592

Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago

Description : The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the ‘wpz-ai-images’ page. This makes it possible for unauthenticated attackers to update the plugin’s API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Cloudsmith launches ML Model Registry to provide a single source of truth for AI models and datasets

Kong Acquires OpenMeter to Unlock AI and API Monetization for the Agentic Era

Microsoft Graph CLI to be retired

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

ASUS built a desktop gaming PC around a mobile CPU — it’s an interesting, if flawed, idea

Hollow Knight: Silksong arrives on Xbox Game Pass this week — and Xbox’s September 1–7 lineup also packs in the horror. Here’s every new game.

The Xbox remaster that brought Gears to PlayStation just passed a huge milestone — “ending the console war” and proving the series still has serious pulling power

Magento (Adobe Commerce) or Optimizely Configured Commerce: Which One to Choose

Magento (Adobe Commerce) or Optimizely Configured Commerce: Which One to Choose

Updates from N|Solid Runtime: The Best Open-Source Node.js RT Just Got Better

Scale Your Business with AI-Powered Solutions Built for Singapore’s Digital Economy

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

ASUS built a desktop gaming PC around a mobile CPU — it’s an interesting, if flawed, idea

Hollow Knight: Silksong arrives on Xbox Game Pass this week — and Xbox’s September 1–7 lineup also packs in the horror. Here’s every new game.

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

Pennsylvania Attorney General’s Office Recovers from Ransomware Attack

Microsoft & OpenAI Reportedly Closing In A New Deal to Extend Access to AI Tech After AGI Breakthrough

CVE-2025-48470 – Citrix Stored Cross-Site Scripting Vulnerability

PERFIXION 2025: Powering AI Ideas

VS meldt actief misbruik van kritiek lek in Erlang Erlang/OTP SSH Server

CVE-2025-4592 – WordPress Free AI Image Generator CSRF Vulnerability

Why Adobe Firefly might be the only AI image tool that actually matters

Transforming Operations: How AI Can Elevate Your Business Efficiency

CVE-2025-32888 – GoTenna Mesh Hardcoded Verification Token Vulnerability

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Related Posts