vulnerability
VulHunt: Open-source vulnerability detection framework - Help Net Security
https://www.helpnetsecurity.com/2026/03/16/vulhunt-open-source-vulnerability-detection-framework/
Added 4 days ago
A GitHub Issue Title Compromised 4k Developer Machines
https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another
Added 2 weeks ago
Windows Notepad App Remote Code Execution Vulnerability
https://www.cve.org/CVERecord?id=CVE-2026-20841
Added 1 month ago
Opus 4.6 uncovers 500 zero-day flaws in open-source code
https://www.axios.com/2026/02/05/anthropic-claude-opus-46-software-hunting
Added 1 month ago
Supply Chain Vuln Compromised Core AWS GitHub Repos & Threatened the AWS Console
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
Added 2 months ago
Years-old bugs in open source took out major clouds at risk • The Register
https://www.theregister.com/2025/11/24/fluent_bit_cves/
Added 3 months ago
Researchers discover security vulnerability in WhatsApp
https://www.univie.ac.at/en/news/detail/forscherinnen-entdecken-grosse-sicherheitsluecke-in-whatsapp
Added 4 months ago
Inside the breach that broke the internet: The untold story of Log4Shell - The GitHub Blog
https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/
Added 4 months ago
OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code
https://cybersecuritynews.com/openssh-vulnerability-proxycommand/
Added 5 months ago
From MCP to shell: MCP auth flaws enable RCE in Claude Code, Gemini CLI and more
https://verialabs.com/blog/from-mcp-to-shell/
Added 5 months ago
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens - dirkjanm.io
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
Added 6 months ago
We all dodged a bullet - Xe Iaso
https://xeiaso.net/notes/2025/we-dodged-a-bullet/
Added 6 months ago
Critical Docker Desktop flaw lets attackers hijack Windows hosts
https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
Added 6 months ago
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault - Cyata | The Control Plane for Agentic Identity
https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/
Added 7 months ago
CISA extends funding to ensure 'no lapse in critical CVE services'
https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
Added 9 months ago
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
Added 9 months ago
AI-hallucinated code dependencies become new supply chain risk
https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/
Added 9 months ago
Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
Added 9 months ago
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
https://search.app/nz29ggeNi26oEF8q9
Added 9 months ago
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Added 9 months ago
Paul Butler – Smuggling arbitrary data through an emoji
https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/
Added 9 months ago