News

The Hacker News
thehackernews.com/2026/05/android-apps-get-public-verification.html

Android Apps Get Public Verification System to Stop Supply Chain Attacks

1+ hour, 36+ min ago  (439+ words) Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's…...

The Hacker News
thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

18+ hour, 30+ min ago  (329+ words) The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been…...

The Hacker News
thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

1+ day, 19+ min ago  (908+ words) While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the…...

The Hacker News
thehackernews.com/2026/05/poisoned-ruby-gems-and-go-modules.html

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

5+ day, 1+ hour ago  (313+ words) A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the Git…...

thehackernews.com
thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

5+ day, 18+ hour ago  (640+ words) In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious…...

Google News
thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

2+ week, 1+ hour ago  (267+ words) Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An…...

The Hacker News
thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

2+ week, 1+ day ago  (465+ words) The flaw, since patched, combines Antigravity's permitted file-creation capabilities with insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict Mode, a restrictive security configuration that limits network access, prevents out-of-workspace writes, and ensures all commands…...

thehackernews.com
thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

6+ day, 10+ hour ago  (671+ words) Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an…...

The Hacker News
thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

1+ week, 6+ day ago  (803+ words) Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to overwrite existing tags, including v2.1.20 and…...

The Hacker News
thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

6+ day, 20+ hour ago  (1167+ words) Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The malware campaign has been codenamed Prompt Mink by ReversingLabs, which linked…...