The bipartisan Securing Open Source Software Act is a positive development for open source software everywhere
The vendor has already released security updates to fix the issue
Android, Oracle, Apple, QNAP, MikroTik, Fortinet and NETGEAR vulnerabilities also added to CISA's KEV catalogue
Linux Foundation's OpenSSF releases npm security guide while US agencies NSA and CISA advise on hardening the component supply chain
Tracked as CVE-2022-0028, this high-severity vulnerability has been assigned a CVSS score of 8.6
Immediate patching is needed for exploited vulnerability, it says
All US federal agencies that fall under the Federal Civilian Executive Branch are required to secure their systems against the bug by July 18
Bugs affecting Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation (vRA) should be patched immediately, VMware says
Threat actors are using a vulnerability to wipe endpoints' file systems and render them unusable.
Warning comes as Russian state-sponsored threat group Gamaredon launches attacks on targets in Ukraine