Expert perspectives on application security, compliance, and emerging threats
IncidentOn June 1, 2026, attackers published over 30 compromised npm packages under Red Hat s Cloud Services namespace. These packages contained Mini Shai-Hulud malware designed to exfiltrate credentials from
IncidentOn May 25, 2026, Johannes Link released jqwik version 1.10.0 to Maven Central with a deliberate prompt injection designed to sabotage AI coding agents. The Java testing library s maintainer embedded i
IncidentWhat Happened In early 2025, security researchers at Wiz discovered unauthorized code modifications in at least 32 package releases within Red Hat s npm namespace. These packages, linked to the Shai-H
IncidentOn a routine Thursday, packages under the @redhat-cloud-services namespace on npm began executing malware during installation. The compromised packages—including @redhat-cloud-services/types—ran malic
Get weekly security insights and compliance updates delivered to your inbox.
IncidentUnderstanding the Vulnerability CVE-2022-31692 revealed a critical flaw in Spring Security versions 5.6.x through 5.7.4, scoring 9.8 on the National Vulnerability Database. Applications using RegexReq
IncidentWhat Happened On January 4, CircleCI discovered unauthorized access to their systems and immediately advised all customers to rotate their secrets. The company invalidated Personal and Project API tok
IncidentWhat Happened Obsidian Security disclosed CVE-2026-40933, a critical remote code execution vulnerability in Flowise s Model Context Protocol (MCP) stdio server implementation. The vulnerability has a
IncidentWhat Happened A malicious npm package named codexui-android infiltrated the supply chain of OpenAI Codex users, exfiltrating authentication tokens to an attacker-controlled server at sentry.anyclaw[.]
IncidentWhat Happened On September 7, 2017, Equifax disclosed a breach that exposed personal information of 147 million people. The attack exploited CVE-2017-5638 , a remote code execution vulnerability in Ap
IncidentWhat Happened CVE-2022-1471 exposed a critical flaw in SnakeYaml s Constructor class, allowing arbitrary code execution through unsafe deserialization. This vulnerability affects the org.yaml:snakeyam
IncidentWhat Happened Security researcher Zemnmez discovered a use-of-weak-hash vulnerability in crypto-js and crypto-es, two widely-used JavaScript cryptography libraries. The vulnerability (CVE-2023-46233 f
IncidentWhat Happened On October 11, 2023, the curl project disclosed CVE-2023-38545 , a heap-based buffer overflow in libcurl versions 7.69.0 through 8.3.0. The vulnerability affects the SOCKS5 proxy handsha
IncidentThe Problem Snyk s 2023 State of Open Source Security report highlights a critical issue: 40% of organizations do not use Software Composition Analysis (SCA) or Static Application Security Testing (SA
IncidentWhat Happened On September 11, 2023, CVE-2023-4863 was disclosed with a CVSS score of 9.6. The vulnerability affects libwebp, an image codec library, across versions 0.5.0 through 1.3.1. An attacker c
IncidentOn December 7, 2023, the Apache Software Foundation disclosed CVE-2023-50164 , a path traversal vulnerability in Apache Struts with a CVSS score of 9.8. This flaw allows attackers to manipulate file u
IncidentOverview of the Vulnerability A critical vulnerability in WP Maps Pro allowed attackers to create administrator accounts on WordPress sites without authentication. The flaw, tracked as CVE-2026-8732,
