A critical vulnerability (CVE-2024-11680) in the ProjectSend file-sharing application is being actively exploited by malicious actors. The flaw allows attackers to execute malicious code on vulnerable servers, which puts public-facing systems at significant risk. Security researchers have urged immediate patching to mitigate the threat. Separately, a year-long supply chain attack targeting the npm ecosystem has been uncovered. The attack involved a malicious xmlrpc library that exfiltrated sensitive data and deployed cryptocurrency mining operations. Additionally, a critical SQL injection vulnerability (CVE-2024-42327) with a CVSS score of 9.9 has been identified in Zabbix, further emphasizing the need for robust cybersecurity measures.
Malicious Actors Exploit ProjectSend Critical Vulnerability https://t.co/6maoiCAWEr
Microsoft Patches Exploited Vulnerability in Partner Network Website https://t.co/dpnps1DcDK
XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner https://t.co/fkw3Zy1OVz