The Latest Software Security Intel (February 2024)

Newsletter February 2024 | MergeBase

Welcome to the February issue of the MergeBase newsletter, your gateway to the latest developments and insights in the world of cybersecurity.

This month, in the wake of Google’s new AI initiatives, we’re asking the question on everyone’s mind: what do hackers, SCA, and AI have in common?

Plus, can a toothbrush really be vulnerable to malware?

Skip to:

1. Industry headlines
2. Top vulnerabilities
3. New on the blog


What do SCA, hackers, and AI have in common?


Join Oscar, Kelly, and Delan as they dive into what connects SCA, hackers, and AI in this short 15-minute video.


Industry Headlines


Microsoft Azure suffers its biggest security breach in history

Microsoft Azure’s security breach exposed the sensitive customer data of hundreds of Azure accounts. The main targets? CEOs, presidents, account managers, financial directors, VPs, and sales directors. As a result, the attackers could access information from all levels and domains of the business.

It’s thought the hackers used the same harmful campaign Proofpoint identified in November 2023, combining cloud account takeover with phishing techniques to steal credentials.

Learn more about this latest attack here.


Electric toothbrushes used in massive DDoS attack. Or were they?

In early February, news broke that hackers launched a distributed denial-of-service (DDoS) attack against nearly 3 million internet-connected toothbrushes.

As it turns out, this story resulted from a translation error, meaning your toothbrushes are safe (for now, at least). But it didn’t stop the story from going viral and offering interesting insights into how little is publicly understood about cybersecurity.


Top Vulnerabilities


Microsoft releases security updates for 73 vulnerabilities & 2 actively exploited zero-days

Microsoft’s February 2024 Patch Tuesday included security updates for 73 vulnerabilities and 2 actively exploited zero-days:

  • CVE-2024-21351
  • CVE-2024-21412

CISA warns of Fortinet bug likely being exploited in the wild

CISA issued a one-week deadline to patch the latest Fortinet bug, which is believed to be exploited in the wild.

Identifier: CVE-2024-21762

Risk score: 9.8 out of 10

Description: An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, and FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.


New on the blog


How to Identify Vulnerabilities in Open Source Code

Discover how to identify vulnerabilities in Open Source Code and keep your software secure.


Everything You Need to Know About Open Source License Compliance

Learn more about open source license compliance, the risks of non-compliance, and future licensing trends in this in-depth guide.


Ready to prioritize your software supply chain security in 2024?

Our technical team are ready to answer your software supply chain security questions and help you find the right solution for your organization.