1. cdxgen Configuration Vulnerability: AI-Prompted Discovery Reveals Data Exfiltration Risk in Untrusted Projects
A critical security flaw in the popular software composition analysis tool cdxgen has been exposed, revealing a pathway for attackers to exfiltrate sensitive keys and data. The vulnerability, which centers on the tool's handling of YAML and JSON configuration files, allows maliciously crafted scripts to leverage the `s...