New Vulnerability Found in the JsonWebToken Open-Source Project

Threat Level
Vulnerability Report

Summary

A new high-severity vulnerability, tracked as CVE-2022-23529, has been discovered in the popular JsonWebToken open-source package. It allows attackers to execute code remotely on servers that verify a maliciously crafted JSON web token (JWT) request.