vulnerability
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Added 5 days ago
The zero-days are numbered
https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/
Added 2 weeks ago
RedSun: System user access on Win 11/10 and Server with the April 2026 Update
https://github.com/Nightmare-Eclipse/RedSun
Added 2 weeks ago
[email protected] and [email protected] are compromised · Issue #10604 · axios/axios · GitHub
https://github.com/axios/axios/issues/10604#issuecomment-4160410930
Added 1 month ago
Trivy under attack again: Widespread GitHub Actions tag compromise secrets
https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise
Added 1 month ago
VulHunt: Open-source vulnerability detection framework - Help Net Security
https://www.helpnetsecurity.com/2026/03/16/vulhunt-open-source-vulnerability-detection-framework/
Added 1 month ago
A GitHub Issue Title Compromised 4k Developer Machines
https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another
Added 2 months ago
Windows Notepad App Remote Code Execution Vulnerability
https://www.cve.org/CVERecord?id=CVE-2026-20841
Added 2 months ago
Opus 4.6 uncovers 500 zero-day flaws in open-source code
https://www.axios.com/2026/02/05/anthropic-claude-opus-46-software-hunting
Added 3 months ago
Supply Chain Vuln Compromised Core AWS GitHub Repos & Threatened the AWS Console
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
Added 3 months ago
Years-old bugs in open source took out major clouds at risk • The Register
https://www.theregister.com/2025/11/24/fluent_bit_cves/
Added 5 months ago
Researchers discover security vulnerability in WhatsApp
https://www.univie.ac.at/en/news/detail/forscherinnen-entdecken-grosse-sicherheitsluecke-in-whatsapp
Added 5 months ago
Inside the breach that broke the internet: The untold story of Log4Shell - The GitHub Blog
https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/
Added 6 months ago
OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code
https://cybersecuritynews.com/openssh-vulnerability-proxycommand/
Added 6 months ago
From MCP to shell: MCP auth flaws enable RCE in Claude Code, Gemini CLI and more
https://verialabs.com/blog/from-mcp-to-shell/
Added 7 months ago
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens - dirkjanm.io
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
Added 7 months ago
We all dodged a bullet - Xe Iaso
https://xeiaso.net/notes/2025/we-dodged-a-bullet/
Added 7 months ago
Critical Docker Desktop flaw lets attackers hijack Windows hosts
https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
Added 8 months ago
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault - Cyata | The Control Plane for Agentic Identity
https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/
Added 8 months ago
CISA extends funding to ensure 'no lapse in critical CVE services'
https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
Added 11 months ago
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
Added 11 months ago