Packagist, a popular software package repository, has revealed that an attacker gained access to 4 inactive accounts on its platform and updated more than a dozen packages with a small change that pointed each package URL to a forked repository, which could be used to update the packages with malware in the future.
For more information: https://thehackernews.com/2023/05/packagist-repository-hacked-over-dozen.html
F5 has released multiple security updates for some of its networking products that address multiple vulnerabilities: 6 high impact and 4 medium impact.
These vulnerabilities could allow an attacker to escalate privileges and execute remote commands.
For more information: https://digital.nhs.uk/cyber-alerts/2023/cc-4315
Zyxel has released security updates for its routers that address multiple vulnerabilities.
These vulnerabilities could allow an attacker to execute commands remotely, enabling remote code execution or a (D)DoS attack.
For more information: https://digital.nhs.uk/cyber-alerts/2023/cc-4313