News
Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets
1+ hour, 11+ min ago (626+ words) A fresh wave of malicious packages has been quietly spreading through the NuGet ecosystem, one of the most widely used registries in the .NET developer world. Five rogue packages have been discovered posing as legitimate Chinese software libraries, secretly…
Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks
2+ hour, 11+ min ago (391+ words) VM2 has been hit by 11 critical vulnerabilities, putting countless applications that rely on it at risk of executing untrusted code. Affecting all versions up to 3.11.1, each flaw provides attackers with a clear path out of the sandbox and into the host…
Argo CD's Server Side Diff Vulnerability Enables Kubernetes Secret Extraction
17+ hour, 42+ min ago (439+ words) A critical cybersecurity vulnerability has been uncovered in Argo CD, a widely used declarative GitOps continuous delivery tool for Kubernetes environments. Tracked as CVE-2026-43824, this high-severity flaw allows low-privileged users to extract plaintext Kubernetes Secrets directly from a cluster...
New MajorDoMo RCE Vulnerability Exposes Servers to Code Execution Attacks
17+ hour, 46+ min ago (325+ words) A newly disclosed flaw exposes internet-facing MajorDoMo servers to unauthenticated remote code execution via a broken authentication flow and unsafe dynamic PHP evaluation. The vulnerability (CVE-2026-27174) stems from the /admin.php request flow, where improper handling of unauthorized…
Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks
1+ day, 18+ hour ago (499+ words) A critical unauthenticated remote code execution vulnerability in the Weaver E-cology platform is currently being actively exploited in the wild. CVE-2026-22679 carries a maximum CVSS score of 9.8 and affects Weaver E-cology 10.0 builds released before 20260312. The security flaw exists in an…
pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain Risk
2+ day, 4+ hour ago (584+ words) The npm ecosystem has long been a target for supply chain attacks, where threat actors exploit the open nature of public package registries to push malicious code into developer environments. With pnpm 11, the package manager takes a direct step to…
Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks
2+ day, 8+ hour ago (267+ words) The Apache Software Foundation has released a critical security update for Apache HTTP Server, patching five vulnerabilities, including a dangerous double-free flaw capable of enabling Remote Code Execution (RCE) in version 2.4.67, released on May 4, 2026. All users running version 2.4.66 or earlier…
Malicious Tanstack Package Uses Postinstall Script to Steal Developer Environment Files
2+ day, 19+ hour ago (651+ words) A malicious npm package impersonating the widely trusted TanStack project was discovered on April 29, 2026, silently stealing developer environment files the moment it was installed. The attacker registered the unscoped "tanstack" package name on npm, dressed it up as a…
Attackers Weaponize SAP npm Packages to Steal GitHub, Cloud, and AI Coding Tool Secrets
2+ day, 22+ hour ago (543+ words) A new supply chain attack is targeting the SAP developer ecosystem through poisoned npm packages. The campaign uses a malicious worm called "Mini Shai-Hulud," which runs silently before any npm install completes and steals credentials from developer machines, cloud platforms,…
Apache MINA Vulnerabilities Enables Remote Code Execution Attacks
2+ day, 23+ hour ago (345+ words) The Apache MINA project has issued urgent security updates to address two critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. Developers relying on this network application framework are strongly urged to update their software immediately…