The latest software security intel (September 2023)

Welcome to the September edition of the MergeBase newsletter, your gateway to the latest developments and insights in the realm of cybersecurity.

In this month’s issue, we explore a critical zero-day attack targeting the WebP image format, the FDA’s groundbreaking premarket cybersecurity guidance, offer access to Gartner’s latest report on the 2023 Cyberthreat Landscape, and provide you with valuable tips and guides on cybersecurity and SCA technology.

Top Cyber Threats

WebP Zero-Day Attack - CVE-2023-5129

A zero-day vulnerability identified as CVE-2023-4863 has sent shockwaves through the cybersecurity landscape, posing a substantial risk to major web browsers and a wide range of applications. With Google rating it at the highest possible severity level of 10.0, the urgency and gravity of the situation are evident.

This vulnerability resides within the WebP image format, specifically in the technique used for lossless image compression on the web, which is a fundamental tool for web developers aiming to create faster-loading, smaller images.

FDA’s New Premarket Cybersecurity Guidance and SBOM Requirements

The US Food and Drug Administration (FDA) has recently published extensive premarket cybersecurity guidance, marking a significant step forward in protecting medical devices from cyber threats. The 57-page guidance, released on September 27, 2023, and developed over nearly a decade, builds upon the agency’s previous 2014 version and addresses the evolving landscape of cybersecurity in the medical device industry.

A key focus of the guidance is on Software Bill of Materials (SBOM) requirements, offering clarity on what should be included and mandating machine-readable formats. It also incorporates new legislative authorities granted to the FDA in 2022, requiring medical device manufacturers to consider cybersecurity throughout a product’s lifecycle and emphasizing the need for continuous adaptation and enhancement of cybersecurity measures.

This guidance serves as a vital resource for stakeholders in the healthcare industry to ensure the safety and security of medical devices in an increasingly interconnected world.

Gartner’s Report

How to Respond to 2023 Cyberthreat Landscape

Stay informed and take proactive steps to strengthen your organization’s cybersecurity. Get complimentary access to the report for an overview of the 2023 Cyberthreat Landscape. Download the report now!

Tips & Guides

Kelly, Oscar, and Delan had a great chat about SCA risk management, vulnerability exploitation, hackers, AI, and the processes you need to have in place to be secure. Have a coffee and take 15 min to watch the entire conversation. Check the video here!

5 Key Benefits of MergeBase for Java Engineers


Diving deeper into the top 5 SCA technology benefits with Oscar and Delan, MergeBase’s Software Engineer.
