New Gogs zero-day flaw lets hackers get remote code execution
…This critical severity argument injection security flaw has yet to be assigned a CVE ID, affects the latest release versions (Gogs 0.14.2 and 0.15.0+dev), and can only…
…Cybersecurity and Infrastructure Security Agency (CISA) gave U.S. government agencies 4 days to secure their systems against CVE-2026-1340 attacks. Multiple other Ivanti EPMM zero-days have been exploited in…
…massive attack surface," Wiz security researchers (who reported the flaw) said. On January 12, CISA confirmed that CVE-2025-8110 was being abused in the wild and added it to its catalog…
FBI disrupts massive AI-powered phishing service using a million URLs By Bill Toulas June 14, 2026 10:36 AM In a coordinated effort, the FBI, working with Google and Black Lotus…
…cryptocurrency wallets and seed phrases, and invalidate browser sessions and tokens. Threat actors have abused Hugging Face in the past to host malicious models, despite the platform's security measures. The Validation…
…According to supply-chain security platform SafeDep, although the trigger mechanism is different in compromised Mistral AI and TanStack packages, they drop the same credential-stealing payload. Microsoft Threat Intelligence analyzed the…
…Those commits added a GitHub Actions workflow and a script that abused npm's publishing mechanism to release backdoored packages. "When the workflow runs, it installs Bun and executes _index.js, passing…
…World AI Security conference later this month in a presentation from researcher Quang Luong. However, proof-of-concept (PoC) exploits have already been published for the new attack method. Impact and fixes…
…The framework harvests credentials from cloud providers, CI/CD systems, password managers, Kubernetes, and secret stores, and abuses them to compromise npm, PyPI, and RubyGems packages, as well as GitHub repositories, Actions…