
An AI agent found 21 ways to attack FFmpeg, the codec library inside almost everything
DepthFirst's agent surfaced 21 FFmpeg zero-days for about $1,000. One 183-byte packet hits RCE. The deeper story is who pays the volunteers who fix them.
Security reporter focused on supply-chain attacks, package-registry compromises, CVE disclosures, and the slow march toward post-quantum crypto.

A worm hijacked Red Hat's npm namespace, a rootkit spread through 1,500 Arch AUR packages, and a SOC 2-certified AI gateway shipped malware. Registries are under fire.

A flaw in Starlette, downloaded 325M times a week, let a single Host-header character bypass path-based auth across FastAPI, vLLM, and MCP servers.

A disclosed VS Code zero-day lets one click on a malicious github.dev notebook steal a GitHub OAuth token with full read-write access to every private repo.

GitHub wiped Nightmare-Eclipse's account on May 23 after weeks of unpatched Windows exploits. The ban reopened the oldest fight in security: who decides what research gets hosted?

Connected cars collect location, driving behavior, in-cabin audio, and synced contacts, then route it to automaker clouds, brokers, and insurers. Here's how to stop it.

ShinyHunters breached a 7-Eleven Salesforce instance holding franchisee documents, exposing 185,000 people. The 9.4GB archive hit a leak site after 7-Eleven declined to pay.

Spammers found a Tenant Name injection in Entra ID that pushes fraud text into Microsoft's own OTP emails. The from-line reads [email protected].

Chromium Issue 1396278 went public on May 20 because Google's tracker auto-clears restrictions on stale closed bugs. The flaw, reported in 2022, was never fixed.

Apple's SEAR team published formal verification proofs for corecrypto's ML-KEM and ML-DSA implementations. 50,000 proof steps cover 2.5 billion active devices.

GitHub detected the intrusion on May 18 after a malicious VS Code extension compromised an employee's device. The attacker claims to have exfiltrated 3,800 internal repositories.

Microsoft is phasing out SMS sign-in and recovery on personal Microsoft accounts by December 2026. Replacements: passkeys, Authenticator, or verified email.

GitGuardian found a public CISA repo with 844 MB of secrets, including AWS GovCloud admin keys. The repo sat open for six months.

Joernchen of 0day.click found a deeplink RCE in Claude Code. Anthropic shipped the fix in 2.1.118 the same week.

A federal jury convicted Sohaib Akhter on May 7 of wiping 96 government databases at Opexus. His twin Muneeb queried an AI: 'how do I clear system logs from SQL servers.'

F5 disclosed CVE-2026-42945 on May 13 after depthfirst's analyzer found a heap overflow in a 2008 commit. NGINX 1.31.0 ships the patch, and every Plus tier needs an upgrade.

A pseudonymous researcher dropped two unpatched Windows zero-days on May 12. YellowKey bypasses BitLocker via WinRE; Microsoft has not acknowledged either bug.

CERT VU#471747 lists six dnsmasq CVEs disclosed May 11. The DHCPv6 flaw is local-root code execution. Simon Kelley credits 'a revolution in AI-based security research.'

Attackers compromised 42 TanStack packages through a pull_request_target exploit, cache poisoning, and OIDC token theft. An external researcher caught it in 20 minutes.

Cyera disclosed CVE-2026-7482 on May 1, a CVSS 9.1 unauthenticated heap read in Ollama. Three API calls dump prompts, env vars, and API keys from any open instance.

Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.

RedAccess found that AI coding tools like Lovable, Base44, and Replit default to public hosting, leaving medical records, bank internals, and corporate secrets indexed by Google.

ShinyHunters breached Canvas LMS again, claiming 275 million records from 9,000 schools. Names, emails, student IDs, and private messages exposed.

Kaspersky pinned a supply-chain attack on the DAEMON Tools installer dating to April 8. Thousands were hit globally, and dozens were upgraded to a QUIC RAT implant via signed binaries.

Meta is rolling out one-to-one Threads DMs on desktop web for users 18 and over. Group chats come later, regional availability is staged, and the new sidebar surfaces analytics.

Reddit is rolling out an undismissible 'get the app' banner on mobile web for a slice of frequent users. Old.reddit.com doesn't fully escape it.

A two-line PR flipped the AI co-author flag from off to all in April. Hand-typed commits started getting Copilot attribution. The maintainer apologized and promised a fix in 1.119.

A researcher showed Edge decrypts the entire password vault at launch and leaves it in process memory. Chrome decrypts on demand. Microsoft says it's intentional.

CISA, NSA, GCHQ, ASD, CSE and NCSC-NZ jointly tell organizations agentic AI isn't ready for fast rollout. The 23-page guide names five risk categories.

A 300-line MIT library lets one Worker route durable execution to every tenant's own workflow. The piece Cloudflare's Agents Week was missing.

The 313 Team flooded Canonical's infrastructure starting May 1, blocking apt updates and the Ubuntu security API just as admins needed both.

Two malicious lightning releases hit PyPI on April 30. The 42-minute window was enough to ship an RSA-encrypted infostealer to ML developers worldwide.

cPanel shipped fixes April 28 for a CVSS 9.8 auth bypass that walks attackers into shared-hosting panels with no password. WatchTowr says exploitation started before the patch.

CVE-2026-31431 chains AF_ALG and splice() to write into the page cache of /usr/bin/su. Xint Code disclosed it on April 29, nine years after the bug shipped.

CVE-2026-3854 is a CVSS 8.7 RCE in GitHub's git-push pipeline. github.com fixed it within hours. 88% of Enterprise Server installs were still vulnerable at disclosure.

Socket flagged a self-propagating worm in @automagik/genie, pgserve, and 14 sibling Namastex Labs packages. It steals 40 credential categories and republishes itself.

CVE-2026-34621 is an actively exploited Acrobat and Reader bug that runs attacker JavaScript inside the PDF runtime. The first sample hit VirusTotal in November and went unflagged.

Project Lighthouse logged 13 million cellular disruptions from car-mounted IMSI catchers spoofing legitimate towers. Three men face 44 charges in Canada's first SMS-blaster bust.

Microsoft's April 8 Patch Tuesday closes 167 CVEs. CVE-2026-32201 in SharePoint is being exploited and CISA added it the same day. Here's what to patch first.

SGLang's reranker renders chat templates without a sandbox. Load a hostile GGUF, hit /v1/rerank, and the attacker has Python on your inference box. No patch yet.

Werner Koch shipped GnuPG 2.5.19 on April 24 with FIPS-203 ML-KEM, the first stable post-quantum encryption algorithm in OpenPGP. Here's what changed and what didn't.

Aikido found a stage-2 Go binary inside two health-check-themed packages that runs an OpenAI-compatible router routing Claude, GPT, and Gemini traffic through Chinese aggregators.

A malicious @bitwarden/[email protected] hit npm on April 22. The payload steals npm tokens, cloud secrets, and Claude Code credentials, then self-replicates.

CVE-2026-40372 lets attackers forge auth cookies on .NET 10.0.6 apps on Linux and macOS. The fix is 10.0.7. Here's what broke, who's exposed, and how to patch.

GHSA-xq3m-2v4x-88gg hits protobuf.js ≤8.0.0 / ≤7.5.4. Attacker-controlled schemas executed arbitrary JS on decode. A one-line fix patched it.

IEEE S&P 2026 papers extend GPUHammer with GeForge, GDDRHammer, and GPUBreach. They flip GDDR6 bits to break out of the GPU and own the host.

A Context.ai compromise let attackers take over a Vercel employee's Google Workspace. Non-sensitive env vars were exposed, and a ShinyHunters persona is asking $2M.

Attackers force-pushed 75 of 76 trivy-action tags to a malicious commit. Pinning by tag turned a trusted scanner into an infostealer for CI pipelines.

Google's security team says cryptographically-relevant quantum computers could arrive by 2029, six years before the NSA's 2031 deadline. What to migrate, and in what order.