https://appsec.fyi/changelog.html New application security resources added to appsec.fyi in the last 7 days en-us Sun, 26 Apr 2026 03:26:51 +0000 carl@chs.us (Carl Sampson) https://www.secnews.gr/en/704887/zimbra-servers-eualotoi-xss-epithesis/ https://www.secnews.gr/en/704887/zimbra-servers-eualotoi-xss-epithesis/ Over 10,000 Zimbra Servers Vulnerable to XSS Attacks https://ift.tt/UNZfrVk XSS news Fri, 24 Apr 2026 20:31:31 +0000 https://www.bleepingcomputer.com/news/security/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable/ https://www.bleepingcomputer.com/news/security/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable/ Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks https://ift.tt/Ay2mKgb XSS news Fri, 24 Apr 2026 13:56:29 +0000 https://x.com/vulert_official/status/2047624407104036892 https://x.com/vulert_official/status/2047624407104036892 🚨 LMDeploy SSRF alert CVE-2026-33626 exploited within hours ⚠️ Attackers can access internal services & cloud metadata. Update now & restrict outbound requests.vulert.com/blog/lmdeploy-…p #CyberSecuri... SSRF news Fri, 24 Apr 2026 11:13:23 +0000 https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure https://ift.tt/8wBTJAc SSRF news Fri, 24 Apr 2026 07:41:26 +0000 https://www.esecurityplanet.com/threats/checkmarx-supply-chain-attack-exploits-docker-images-and-ci-cd-pipelines/ https://www.esecurityplanet.com/threats/checkmarx-supply-chain-attack-exploits-docker-images-and-ci-cd-pipelines/ Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines  https://ift.tt/fPkwYx0 Supply Chain news Thu, 23 Apr 2026 22:20:31 +0000 https://www.ox.security/blog/shai-hulud-bitwarden-cli-supply-chain-attack/ https://www.ox.security/blog/shai-hulud-bitwarden-cli-supply-chain-attack/ Shai-Hulud: The Third Coming — Bitwarden CLI Backdoored in Latest Supply Chain Campaign https://ift.tt/OsEXhPW Supply Chain news Thu, 23 Apr 2026 17:55:43 +0000 https://backendnews.net/tenable-finds-microsoft-github-flaw-risking-supply-chains/ https://backendnews.net/tenable-finds-microsoft-github-flaw-risking-supply-chains/ Tenable finds Microsoft GitHub flaw risking supply chains https://ift.tt/VXu8wM2 Supply Chain news Thu, 23 Apr 2026 17:13:06 +0000 https://www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/ https://www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/ New Checkmarx supply-chain breach affects KICS analysis tool https://ift.tt/p2R0T8O Supply Chain news Thu, 23 Apr 2026 16:35:53 +0000 https://www.msspalert.com/perspective/six-ai-vulnerabilities-three-attack-patterns-one-dangerous-service-gap https://www.msspalert.com/perspective/six-ai-vulnerabilities-three-attack-patterns-one-dangerous-service-gap Six AI Vulnerabilities, Three Attack Patterns, One Dangerous Service Gap https://ift.tt/STbWHA5 AI news Thu, 23 Apr 2026 16:01:30 +0000 https://portswigger.net/web-security/llm-attacks/ai-powered-scanner-vulnerabilities https://portswigger.net/web-security/llm-attacks/ai-powered-scanner-vulnerabilities AI-powered scanner vulnerabilities https://ift.tt/re6cDjZ AI news Thu, 23 Apr 2026 15:30:30 +0000 https://www.msn.com/en-us/news/technology/anthropic-s-model-context-protocol-includes-a-critical-remote-code-execution-vulnerability/ar-AA21tiyX https://www.msn.com/en-us/news/technology/anthropic-s-model-context-protocol-includes-a-critical-remote-code-execution-vulnerability/ar-AA21tiyX Anthropic's model context protocol includes a critical remote code execution vulnerability https://ift.tt/Hfb3ygq AI news Thu, 23 Apr 2026 14:39:40 +0000 https://www.scworld.com/brief/checkmarx-docker-hub-repository-compromised-with-malicious-images https://www.scworld.com/brief/checkmarx-docker-hub-repository-compromised-with-malicious-images Checkmarx Docker Hub repository compromised with malicious images https://ift.tt/Cpy7bme Supply Chain news Thu, 23 Apr 2026 13:55:33 +0000 https://gbhackers.com/attackers-exploit-lmdeploy-flaw/ https://gbhackers.com/attackers-exploit-lmdeploy-flaw/ Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory https://ift.tt/xWknlfA SSRF news Thu, 23 Apr 2026 12:31:38 +0000 https://www.scworld.com/news/namastex-npm-packages-compromised-in-canisterworm-supply-chain-attack https://www.scworld.com/news/namastex-npm-packages-compromised-in-canisterworm-supply-chain-attack Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack https://ift.tt/hbNKaTp Supply Chain news Thu, 23 Apr 2026 12:15:37 +0000 https://securityboulevard.com/2026/04/no-off-season-three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/ https://securityboulevard.com/2026/04/no-off-season-three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/ No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours https://ift.tt/fIX26Eo Supply Chain news Thu, 23 Apr 2026 12:15:36 +0000 https://www.mexc.co/en-PH/news/1045276 https://www.mexc.co/en-PH/news/1045276 AI Sparks Bug-Bounty Surge in Crypto, but Low-Quality Reports Grow https://ift.tt/ImqYgUJ Bug Bounty news Thu, 23 Apr 2026 10:19:04 +0000 https://blog.gitguardian.com/three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/ https://blog.gitguardian.com/three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/ No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours https://ift.tt/JDfPrIS Supply Chain news Thu, 23 Apr 2026 10:00:50 +0000 https://cyberpress.org/new-lmdeploy-vulnerability/ https://cyberpress.org/new-lmdeploy-vulnerability/ New LMDeploy Vulnerability Exploited in the Wild Just 12 Hours After Public Advisory https://ift.tt/txmoBfy API Security news Thu, 23 Apr 2026 09:51:31 +0000 https://cyberpress.org/xinference-pypi-package-compromised/ https://cyberpress.org/xinference-pypi-package-compromised/ Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials https://ift.tt/MALwDp9 Supply Chain news Thu, 23 Apr 2026 09:10:46 +0000 https://www.cxodigitalpulse.com/malicious-docker-images-and-vs-code-extensions-compromise-checkmarx-supply-chain/ https://www.cxodigitalpulse.com/malicious-docker-images-and-vs-code-extensions-compromise-checkmarx-supply-chain/ Malicious Docker Images and VS Code Extensions Compromise Checkmarx Supply Chain https://ift.tt/xvOUGSi Supply Chain news Thu, 23 Apr 2026 09:10:44 +0000 https://gbhackers.com/checkmarx-kics-docker-repo-hijacked/ https://gbhackers.com/checkmarx-kics-docker-repo-hijacked/ Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack https://ift.tt/ocmvb8S Supply Chain news Thu, 23 Apr 2026 09:10:40 +0000 https://gbhackers.com/xinference-pypi-breach-exposes-developers/ https://gbhackers.com/xinference-pypi-breach-exposes-developers/ Xinference PyPI Breach Exposes Developers to Cloud Credential Theft https://ift.tt/Tqo2NKg Supply Chain news Thu, 23 Apr 2026 08:58:35 +0000 https://www.huntress.com/blog/axios-npm-compromise https://www.huntress.com/blog/axios-npm-compromise axios npm Compromise: The Ultimate Supply Chain Scaries https://ift.tt/ZmiRfkp Supply Chain news Thu, 23 Apr 2026 08:55:36 +0000 https://www.msn.com/en-us/news/technology/anthropic-s-model-context-protocol-includes-a-critical-remote-code-execution-vulnerability/ar-AA21tiyX?apiversion https://www.msn.com/en-us/news/technology/anthropic-s-model-context-protocol-includes-a-critical-remote-code-execution-vulnerability/ar-AA21tiyX?apiversion Anthropic's model context protocol includes a critical remote code execution vulnerability https://ift.tt/uJoCxjU RCE news Thu, 23 Apr 2026 08:34:05 +0000 https://www.ox.security/blog/xinference-allegedly-hacked-by-teampcp-malicious-package-in-pypi/ https://www.ox.security/blog/xinference-allegedly-hacked-by-teampcp-malicious-package-in-pypi/ Xinference allegedly hacked by TeamPCP, Malicious Package In PyPi https://ift.tt/vMwcIWt Supply Chain news Thu, 23 Apr 2026 07:38:42 +0000 https://www.msn.com/en-us/technology/cybersecurity/langchain-framework-hit-by-several-worrying-security-issues-here-s-what-we-know/ar-AA1ZyEnW?apiversion https://www.msn.com/en-us/technology/cybersecurity/langchain-framework-hit-by-several-worrying-security-issues-here-s-what-we-know/ar-AA1ZyEnW?apiversion LangChain framework hit by several worrying security issues — here's what we know https://ift.tt/XaO0IvB SQLi news Thu, 23 Apr 2026 07:31:18 +0000 https://www.varindia.com/news/ai-supply-chain-monitor-identifies-critical-axios-attack https://www.varindia.com/news/ai-supply-chain-monitor-identifies-critical-axios-attack AI Supply-Chain Monitor Identifies Critical Axios Attack https://ift.tt/jMkYqAz Supply Chain news Thu, 23 Apr 2026 05:30:48 +0000 https://www.manilatimes.net/2026/04/20/tmt-newswire/globenewswire/aikido-security-launches-endpoint-protection-for-developer-devices-as-software-supply-chain-attacks-hit-unprecedented-scale/2323823 https://www.manilatimes.net/2026/04/20/tmt-newswire/globenewswire/aikido-security-launches-endpoint-protection-for-developer-devices-as-software-supply-chain-attacks-hit-unprecedented-scale/2323823 Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale https://ift.tt/sLawUZo Supply Chain news Thu, 23 Apr 2026 04:45:41 +0000 https://github.com/wapiti-scanner/wapiti?sfnsn=wiwspmo https://github.com/wapiti-scanner/wapiti?sfnsn=wiwspmo Web vulnerability scanner written in Python3 Python beginner Thu, 23 Apr 2026 04:34:59 +0000 https://x.com/TweetThreatNews/status/2047159805358301245 https://x.com/TweetThreatNews/status/2047159805358301245 CVE-2026-33626 exposes an SSRF in LMDeploy’s vision-language image loader. Attackers accessed AWS IMDS, scanned local services, and confirmed egress within 12 hours. Update to v0.12.3 and enforce IMDS... SSRF news Thu, 23 Apr 2026 04:28:37 +0000 https://x.com/the_yellow_fall/status/2047142935527886977 https://x.com/the_yellow_fall/status/2047142935527886977 CVE-2026-33626: A critical SSRF in LMDeploy exploited in under 13 hours. Learn how attackers hijack AI nodes and how to secure your inference cloud now. #CVE202633626 #SSRF #AISecurity #LMDeploy #Info... SSRF news Thu, 23 Apr 2026 02:43:36 +0000 https://www.csoonline.com/article/4162178/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core.html https://www.csoonline.com/article/4162178/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core.html Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core https://ift.tt/ACNkfaG API Security news Thu, 23 Apr 2026 01:11:28 +0000 https://www.theregister.com/2026/04/22/another_npm_supply_chain_attack/ https://www.theregister.com/2026/04/22/another_npm_supply_chain_attack/ Another npm supply chain worm is tearing through dev environments https://ift.tt/mrPsh3p Supply Chain news Wed, 22 Apr 2026 23:30:26 +0000 https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens https://ift.tt/ch1xmSL Supply Chain news Wed, 22 Apr 2026 22:10:36 +0000 https://cybernews.com/security/critical-litellm-supply-chain-attack-sends-shockwaves/ https://cybernews.com/security/critical-litellm-supply-chain-attack-sends-shockwaves/ Massive compromise hits LiteLLM and the whole AI developers community: how did it happen? https://ift.tt/kWQ0dJB AI news Wed, 22 Apr 2026 20:43:24 +0000 https://securityboulevard.com/2026/04/supply-chain-attacks-are-getting-worse-how-to-shrink-your-exposure/ https://securityboulevard.com/2026/04/supply-chain-attacks-are-getting-worse-how-to-shrink-your-exposure/ Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure https://ift.tt/A90d4Bp Supply Chain beginner Wed, 22 Apr 2026 20:05:48 +0000 https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain https://ift.tt/uA7BI5U Supply Chain news Wed, 22 Apr 2026 19:10:32 +0000 https://www.sentinelone.com/blog/hypersonic-supply-chain-attacks-one-solution-that-didnt-need-to-know-the-payload/ https://www.sentinelone.com/blog/hypersonic-supply-chain-attacks-one-solution-that-didnt-need-to-know-the-payload/ Hypersonic Supply Chain Attacks: One Solution That Didn't Need to Know the Payload https://ift.tt/bKtc9JB Supply Chain intermediate Wed, 22 Apr 2026 19:10:31 +0000 https://venturebeat.com/security/ai-agent-runtime-security-system-card-audit-comment-and-control-2026 https://venturebeat.com/security/ai-agent-runtime-security-system-card-audit-comment-and-control-2026 Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it https://ift.tt/smH86bY AI news Wed, 22 Apr 2026 18:40:07 +0000 https://www.corporatecomplianceinsights.com/who-really-blame-white-hat-gray/ https://www.corporatecomplianceinsights.com/who-really-blame-white-hat-gray/ Who’s Really to Blame When a White Hat Goes Gray? https://ift.tt/GRys4eB Bug Bounty news Wed, 22 Apr 2026 17:19:39 +0000 https://gbhackers.com/mozilla-firefox-150-released/ https://gbhackers.com/mozilla-firefox-150-released/ Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities https://ift.tt/6dEs8aC RCE news Wed, 22 Apr 2026 16:54:43 +0000 https://www.secnews.gr/en/704148/terrarium-sandbox-eypatheia-root-critique/ https://www.secnews.gr/en/704148/terrarium-sandbox-eypatheia-root-critique/ Terrarium Sandbox: Critical Vulnerability Allows Root Code https://ift.tt/xt7SA8a RCE news Wed, 22 Apr 2026 16:48:35 +0000 https://cyberpress.org/firefox-150-released-with-fixes/ https://cyberpress.org/firefox-150-released-with-fixes/ Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities https://ift.tt/oKqHTf5 RCE news Wed, 22 Apr 2026 16:24:31 +0000 https://gbhackers.com/critical-spring-authorization-server-issue/ https://gbhackers.com/critical-spring-authorization-server-issue/ Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks https://ift.tt/y4laiIW SSRF news Wed, 22 Apr 2026 15:41:09 +0000 https://www.techzine.eu/news/security/140713/nextcloud-ends-bug-bounty-program-due-to-too-many-low-quality-reports/ https://www.techzine.eu/news/security/140713/nextcloud-ends-bug-bounty-program-due-to-too-many-low-quality-reports/ Nextcloud ends bug bounty program due to too many low-quality reports https://ift.tt/Qpl1nJ2 Bug Bounty news Wed, 22 Apr 2026 15:29:41 +0000 https://cyberpress.org/spring-authorization-server-flaw/ https://cyberpress.org/spring-authorization-server-flaw/ Critical Spring Authorization Server Flaw Enables XSS, Privilege Escalation, and SSRF https://ift.tt/b2pauUc SSRF news Wed, 22 Apr 2026 14:41:29 +0000 https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/ https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/ Microsoft releases emergency patches for critical ASP.NET flaw https://ift.tt/C9a1UoS API Security news Wed, 22 Apr 2026 14:11:17 +0000 https://www.scworld.com/news/flaw-in-microsoft-owned-github-repository-allowed-rce-via-issue-submission https://www.scworld.com/news/flaw-in-microsoft-owned-github-repository-allowed-rce-via-issue-submission Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission https://ift.tt/gj6ZlMi Supply Chain news Wed, 22 Apr 2026 13:34:15 +0000 https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/ https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/ New npm supply-chain attack self-spreads to steal auth tokens https://ift.tt/jx1785i Supply Chain news Wed, 22 Apr 2026 13:25:42 +0000 https://medium.com/@ali.zamini/ssti-in-bug-bounty-program-the-time-i-played-with-handlebars-and-broke-stuff-7dc1f9834a3d https://medium.com/@ali.zamini/ssti-in-bug-bounty-program-the-time-i-played-with-handlebars-and-broke-stuff-7dc1f9834a3d SSTI in Bug Bounty: Playing with Handlebars and Breaking Stuff SSTI intermediate Wed, 22 Apr 2026 12:53:25 +0000 https://www.akto.io/blog/server-side-template-injection-explanation-discovery-exploitation-and-prevention https://www.akto.io/blog/server-side-template-injection-explanation-discovery-exploitation-and-prevention SSTI: Explanation, Discovery, Exploitation, and Prevention SSTI beginner Wed, 22 Apr 2026 12:53:24 +0000 https://www.kayssel.com/newsletter/issue-32/ https://www.kayssel.com/newsletter/issue-32/ SSTI: Breaking Out of Templates SSTI intermediate Wed, 22 Apr 2026 12:53:23 +0000 https://github.com/rapid7/metasploit-framework/pull/21017 https://github.com/rapid7/metasploit-framework/pull/21017 Metasploit Module: Tactical RMM Jinja2 SSTI RCE (CVE-2025-69516) SSTI news Wed, 22 Apr 2026 12:53:23 +0000 https://www.rapid7.com/db/modules/exploit/multi/http/grav_twig_ssti_sandbox_bypass_rce/ https://www.rapid7.com/db/modules/exploit/multi/http/grav_twig_ssti_sandbox_bypass_rce/ Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE SSTI intermediate Wed, 22 Apr 2026 12:53:22 +0000 https://advisories.gitlab.com/pkg/pypi/dynaconf/CVE-2026-33154/ https://advisories.gitlab.com/pkg/pypi/dynaconf/CVE-2026-33154/ CVE-2026-33154: Dynaconf RCE via Insecure Jinja Template Evaluation SSTI news Wed, 22 Apr 2026 12:53:21 +0000 https://github.com/getgrav/grav/security/advisories/GHSA-gjc5-8cfh-653x https://github.com/getgrav/grav/security/advisories/GHSA-gjc5-8cfh-653x Grav CMS: Security Sandbox Bypass with SSTI SSTI intermediate Wed, 22 Apr 2026 12:53:20 +0000 https://github.com/getgrav/grav/security/advisories/GHSA-662m-56v4-3r8f https://github.com/getgrav/grav/security/advisories/GHSA-662m-56v4-3r8f Grav CMS: RCE via SSTI through Twig Sandbox Bypass SSTI intermediate Wed, 22 Apr 2026 12:53:20 +0000 https://github.com/advisories/GHSA-65mp-fq8v-56jr https://github.com/advisories/GHSA-65mp-fq8v-56jr CVE-2026-27641: Flask-Reuploaded Path Traversal Enabling SSTI RCE SSTI news Wed, 22 Apr 2026 12:53:19 +0000 https://arxiv.org/html/2405.01118v1 https://arxiv.org/html/2405.01118v1 A Survey of the Overlooked Dangers of Template Engines (arXiv 2024) SSTI advanced Wed, 22 Apr 2026 12:53:18 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-32597/ https://www.sentinelone.com/vulnerability-database/cve-2026-32597/ CVE-2026-32597: PyJWT Information Disclosure Vulnerability JWT news Wed, 22 Apr 2026 12:53:17 +0000 https://www.thehackerwire.com/authlib-critical-jwt-forgery-cve-2026-27962/ https://www.thehackerwire.com/authlib-critical-jwt-forgery-cve-2026-27962/ Authlib Critical JWT Forgery (CVE-2026-27962) JWT news Wed, 22 Apr 2026 12:53:17 +0000 https://www.endorlabs.com/vulnerability/cve-2026-34950 https://www.endorlabs.com/vulnerability/cve-2026-34950 CVE-2026-34950 fast-jwt: Incomplete Fix for CVE-2023-48223 JWT news Wed, 22 Apr 2026 12:53:15 +0000 https://dev.to/cverports/cve-2026-22817-identity-theft-on-the-edge-exploiting-jwt-algorithm-confusion-in-hono-5an9 https://dev.to/cverports/cve-2026-22817-identity-theft-on-the-edge-exploiting-jwt-algorithm-confusion-in-hono-5an9 CVE-2026-22817: JWT Algorithm Confusion in Hono JWT news Wed, 22 Apr 2026 12:53:14 +0000 https://github.com/cipher1x1/CVE-2026-29000 https://github.com/cipher1x1/CVE-2026-29000 Proof of Concept for CVE-2026-29000 (pac4j-jwt) JWT intermediate Wed, 22 Apr 2026 12:53:13 +0000 https://pentesterlab.com/blog/cve-2026-23993-harbourjwt-unknown-alg-jwt-bypass https://pentesterlab.com/blog/cve-2026-23993-harbourjwt-unknown-alg-jwt-bypass CVE-2026-23993: JWT Authentication Bypass in HarbourJwt via Unknown alg JWT news Wed, 22 Apr 2026 12:53:12 +0000 https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/ https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc8725bis/ draft-ietf-oauth-rfc8725bis: JSON Web Token Best Current Practices JWT beginner Wed, 22 Apr 2026 12:53:12 +0000 https://dailycve.com/oauth2-proxy-authentication-bypass-cve-2026-40575-critical/ https://dailycve.com/oauth2-proxy-authentication-bypass-cve-2026-40575-critical/ OAuth2 Proxy Authentication Bypass via X-Forwarded-Uri (CVE-2026-40575) Authentication news Wed, 22 Apr 2026 12:53:10 +0000 https://www.thehackerwire.com/keycloak-saml-disabled-client-sso-bypass/ https://www.thehackerwire.com/keycloak-saml-disabled-client-sso-bypass/ Keycloak SAML Disabled Client SSO Bypass (CVE-2026-3047) Authentication news Wed, 22 Apr 2026 12:53:09 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-2092/ https://www.sentinelone.com/vulnerability-database/cve-2026-2092/ CVE-2026-2092: Keycloak Auth Bypass Vulnerability Authentication news Wed, 22 Apr 2026 12:53:08 +0000 https://cvereports.com/reports/CVE-2026-1529 https://cvereports.com/reports/CVE-2026-1529 CVE-2026-1529: Bypassing Keycloak Org Security Authentication news Wed, 22 Apr 2026 12:53:08 +0000 https://securityonline.info/apache-kafka-jwt-authentication-bypass-logging-vulnerabilities-2026/ https://securityonline.info/apache-kafka-jwt-authentication-bypass-logging-vulnerabilities-2026/ OAUTHBEARER Bypass and Sensitive Logging Leaks Hit Apache Kafka Authentication news Wed, 22 Apr 2026 12:53:07 +0000 https://www.securing.pl/en/cve-2025-26788-passkey-authentication-bypass-in-strongkey-fido-server/ https://www.securing.pl/en/cve-2025-26788-passkey-authentication-bypass-in-strongkey-fido-server/ CVE-2025-26788: Passkey Authentication Bypass in StrongKey FIDO Server Authentication news Wed, 22 Apr 2026 12:53:06 +0000 https://pushsecurity.com/blog/device-code-phishing https://pushsecurity.com/blog/device-code-phishing Analyzing the rise in device code phishing attacks in 2026 Authentication news Wed, 22 Apr 2026 12:53:05 +0000 https://workos.com/blog/saml-vulnerabilities-2026 https://workos.com/blog/saml-vulnerabilities-2026 SAML rough quarter: Five critical vulnerabilities in four months Authentication news Wed, 22 Apr 2026 12:53:05 +0000 https://www.offsec.com/blog/cve-2024-9956/ https://www.offsec.com/blog/cve-2024-9956/ CVE-2024-9956: Critical WebAuthentication Vulnerability in Chrome on Android Authentication news Wed, 22 Apr 2026 12:53:04 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34457 https://nvd.nist.gov/vuln/detail/CVE-2026-34457 CVE-2026-34457 Detail (OAuth2 Proxy) - NVD Authentication news Wed, 22 Apr 2026 12:53:03 +0000 https://medium.com/@laughterkings95/picoctf-super-serial-writeup-php-object-injection-explained-clearly-83201433389f https://medium.com/@laughterkings95/picoctf-super-serial-writeup-php-object-injection-explained-clearly-83201433389f picoCTF Super Serial Writeup: PHP Object Injection Explained Clearly Deserialization beginner Wed, 22 Apr 2026 12:53:02 +0000 https://medium.com/@pa2sw0rd/deep-dive-into-fastjson-deserialization-vulnerabilities-from-principles-to-practical-defense-c3be134ec8a6 https://medium.com/@pa2sw0rd/deep-dive-into-fastjson-deserialization-vulnerabilities-from-principles-to-practical-defense-c3be134ec8a6 Deep Dive into Fastjson Deserialization Vulnerabilities Deserialization advanced Wed, 22 Apr 2026 12:53:02 +0000 https://github.com/yaleman/cve-2025-24813-poc https://github.com/yaleman/cve-2025-24813-poc CVE-2025-24813 PoC: Apache Tomcat Java Deserialization Deserialization news Wed, 22 Apr 2026 12:53:01 +0000 https://research.eye.security/wsus-deserialization-exploit-in-the-wild-cve-2025-59287/ https://research.eye.security/wsus-deserialization-exploit-in-the-wild-cve-2025-59287/ WSUS Deserialization Exploit in the Wild (CVE-2025-59287) Deserialization news Wed, 22 Apr 2026 12:53:00 +0000 https://www.usenix.org/conference/usenixsecurity25/presentation/zhang-yiheng https://www.usenix.org/conference/usenixsecurity25/presentation/zhang-yiheng Precise and Effective Gadget Chain Mining through Deserialization-Guided Call Graph Construction (USENIX Security 2025) Deserialization advanced Wed, 22 Apr 2026 12:52:59 +0000 https://dl.acm.org/doi/10.1145/3715711 https://dl.acm.org/doi/10.1145/3715711 Gleipner: A Benchmark for Gadget Chain Detection in Java Deserialization Vulnerabilities Deserialization advanced Wed, 22 Apr 2026 12:52:59 +0000 https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours Secrets news Wed, 22 Apr 2026 12:52:58 +0000 https://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report https://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report The State of Non-Human Identity Security (CSA Survey Report) Secrets beginner Wed, 22 Apr 2026 12:52:57 +0000 https://www.javacodegeeks.com/2025/12/secrets-management-in-2026-vault-aws-secrets-manager-and-beyond-a-developers-guide.html https://www.javacodegeeks.com/2025/12/secrets-management-in-2026-vault-aws-secrets-manager-and-beyond-a-developers-guide.html Secrets Management in 2026: Vault, AWS Secrets Manager, and Beyond Secrets beginner Wed, 22 Apr 2026 12:52:56 +0000 https://www.buildmvpfast.com/blog/github-secret-scanning-pattern-updates-devops-2026 https://www.buildmvpfast.com/blog/github-secret-scanning-pattern-updates-devops-2026 GitHub Secret Scanning 2026: New Patterns, Push Protection Secrets beginner Wed, 22 Apr 2026 12:52:56 +0000 https://blog.gitguardian.com/nhi-security-tools/ https://blog.gitguardian.com/nhi-security-tools/ Top 10 Non-Human Identity Security Tools and Platforms for 2026 Secrets beginner Wed, 22 Apr 2026 12:52:55 +0000 https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-5807/ https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-5807/ CVE-2026-5807: HashiCorp Vault DoS via Unauthenticated Root Token Generation Secrets news Wed, 22 Apr 2026 12:52:54 +0000 https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-3605/ https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-3605/ CVE-2026-3605: HashiCorp Vault KVv2 Metadata Policy Bypass (DoS) Secrets news Wed, 22 Apr 2026 12:52:54 +0000 https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026-pr/ https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026-pr/ AI Is Fueling Secrets Sprawl: GitGuardian Reports 81% Surge of AI-Service Leaks Secrets news Wed, 22 Apr 2026 12:52:53 +0000 https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345 https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345 HCSEC-2026-08: Vault DoS via Unauthenticated Root Token Generation Secrets news Wed, 22 Apr 2026 12:52:52 +0000 https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342 https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342 HCSEC-2026-05: Vault KVv2 Metadata Policy Bypass DoS Secrets news Wed, 22 Apr 2026 12:52:51 +0000 https://strobes.co/blog/axios-npm-supply-chain-attack-compromised-rat-2026/ https://strobes.co/blog/axios-npm-supply-chain-attack-compromised-rat-2026/ Axios npm Supply Chain Attack: 83M Downloads Hit Supply Chain news Wed, 22 Apr 2026 12:52:51 +0000 https://socradar.io/blog/axios-npm-supply-chain-attack-2026-ciso-guide/ https://socradar.io/blog/axios-npm-supply-chain-attack-2026-ciso-guide/ Axios npm Hijack 2026: Everything You Need to Know Supply Chain news Wed, 22 Apr 2026 12:52:50 +0000 https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files Supply Chain news Wed, 22 Apr 2026 12:52:49 +0000 https://www.stepsecurity.io/blog/litellm-credential-stealer-hidden-in-pypi-wheel https://www.stepsecurity.io/blog/litellm-credential-stealer-hidden-in-pypi-wheel litellm: Credential Stealer Hidden in PyPI Wheel Supply Chain news Wed, 22 Apr 2026 12:52:49 +0000 https://github.blog/news-insights/product-news/whats-coming-to-our-github-actions-2026-security-roadmap/ https://github.blog/news-insights/product-news/whats-coming-to-our-github-actions-2026-security-roadmap/ What's Coming to Our GitHub Actions 2026 Security Roadmap Supply Chain news Wed, 22 Apr 2026 12:52:48 +0000 https://jfrog.com/blog/shai-hulud-npm-supply-chain-attack-new-compromised-packages-detected/ https://jfrog.com/blog/shai-hulud-npm-supply-chain-attack-new-compromised-packages-detected/ Shai-Hulud npm Supply Chain Attack: New Compromised Packages Detected Supply Chain news Wed, 22 Apr 2026 12:52:47 +0000 https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/ https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/ LiteLLM and Telnyx Compromised on PyPI: Tracing the TeamPCP Supply Chain Campaign Supply Chain news Wed, 22 Apr 2026 12:52:46 +0000 https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/ https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/ Keeping Your GitHub Actions Secure Part 1: Preventing Pwn Requests Supply Chain intermediate Wed, 22 Apr 2026 12:52:45 +0000 https://www.wiz.io/blog/github-actions-security-threat-model-and-defenses https://www.wiz.io/blog/github-actions-security-threat-model-and-defenses GitHub Actions Security Pt 1: Attacks & Defenses (Wiz) Supply Chain intermediate Wed, 22 Apr 2026 12:52:44 +0000 https://www.appknox.com/blog/kmm-security-root-jailbreak-detection-ssl-pinning https://www.appknox.com/blog/kmm-security-root-jailbreak-detection-ssl-pinning Root/Jailbreak Detection and SSL Pinning in KMM Mobile intermediate Wed, 22 Apr 2026 12:52:43 +0000 https://www.kayssel.com/newsletter/issue-12/ https://www.kayssel.com/newsletter/issue-12/ Reversing Android Apps: Bypassing Detection Like a Pro Mobile intermediate Wed, 22 Apr 2026 12:52:43 +0000 https://httptoolkit.com/blog/android-reverse-engineering/ https://httptoolkit.com/blog/android-reverse-engineering/ Reverse engineering and modifying Android apps with JADX and Frida Mobile intermediate Wed, 22 Apr 2026 12:52:42 +0000 https://www.corellium.com/blog/mobile-app-security-cves-ios-testing https://www.corellium.com/blog/mobile-app-security-cves-ios-testing Common Vulnerabilities and Exposures Examples in Mobile Apps Mobile beginner Wed, 22 Apr 2026 12:52:41 +0000 https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup Bypassing iOS Frida Detection with LLDB and Frida Mobile intermediate Wed, 22 Apr 2026 12:52:40 +0000 https://github.com/httptoolkit/frida-interception-and-unpinning https://github.com/httptoolkit/frida-interception-and-unpinning frida-interception-and-unpinning: Scripts to MitM all HTTPS traffic Mobile intermediate Wed, 22 Apr 2026 12:52:40 +0000 https://github.com/B3nac/Android-Reports-and-Resources https://github.com/B3nac/Android-Reports-and-Resources Android Reports and Resources Mobile beginner Wed, 22 Apr 2026 12:52:39 +0000 https://mas.owasp.org/MASTG/0x06b-iOS-Security-Testing/ https://mas.owasp.org/MASTG/0x06b-iOS-Security-Testing/ iOS Security Testing - OWASP MASTG Mobile beginner Wed, 22 Apr 2026 12:52:38 +0000 https://source.android.com/docs/security/bulletin/2026/2026-03-01 https://source.android.com/docs/security/bulletin/2026/2026-03-01 Android Security Bulletin - March 2026 Mobile news Wed, 22 Apr 2026 12:52:37 +0000 https://source.android.com/docs/security/bulletin/2026/2026-04-01 https://source.android.com/docs/security/bulletin/2026/2026-04-01 Android Security Bulletin - April 2026 Mobile news Wed, 22 Apr 2026 12:52:37 +0000 https://inonst.medium.com/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2 https://inonst.medium.com/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2 A Deep Dive on the Most Critical API Vulnerability: BOLA API Security intermediate Wed, 22 Apr 2026 12:52:36 +0000 https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization What Is Broken Object Property Level Authorization? API Security beginner Wed, 22 Apr 2026 12:52:35 +0000 https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1 https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1 What Is Broken Object Level Authorization? API Security beginner Wed, 22 Apr 2026 12:52:35 +0000 https://spyboy.blog/2026/01/14/this-is-how-i-hacked-an-api-using-mass-assignment-vulnerability/ https://spyboy.blog/2026/01/14/this-is-how-i-hacked-an-api-using-mass-assignment-vulnerability/ This Is How I Hacked an API Using Mass Assignment Vulnerability API Security intermediate Wed, 22 Apr 2026 12:52:34 +0000 https://www.getastra.com/blog/vulnerability/cve-2026-34839/ https://www.getastra.com/blog/vulnerability/cve-2026-34839/ CVE-2026-34839: CORS Vulnerability in Glances REST API API Security news Wed, 22 Apr 2026 12:52:33 +0000 https://www.wallarm.com/reports/2026-wallarm-api-threatstats-report https://www.wallarm.com/reports/2026-wallarm-api-threatstats-report API ThreatStats Report 2026 API Security news Wed, 22 Apr 2026 12:52:32 +0000 https://github.com/erev0s/VAmPI https://github.com/erev0s/VAmPI VAmPI: Vulnerable REST API with OWASP Top 10 Vulnerabilities API Security beginner Wed, 22 Apr 2026 12:52:32 +0000 https://salt.security/blog/api4-2023-unrestricted-resource-consumption https://salt.security/blog/api4-2023-unrestricted-resource-consumption API4:2023 Unrestricted Resource Consumption API Security beginner Wed, 22 Apr 2026 12:52:31 +0000 https://salt.security/blog/the-era-of-agentic-security-is-here-key-findings-from-the-1h-2026-state-of-ai-and-api-security-report https://salt.security/blog/the-era-of-agentic-security-is-here-key-findings-from-the-1h-2026-state-of-ai-and-api-security-report 1H 2026 State of AI and API Security Report (Salt) API Security news Wed, 22 Apr 2026 12:52:30 +0000 https://portswigger.net/web-security/api-testing/lab-exploiting-mass-assignment-vulnerability https://portswigger.net/web-security/api-testing/lab-exploiting-mass-assignment-vulnerability PortSwigger Lab: Exploiting a Mass Assignment Vulnerability API Security intermediate Wed, 22 Apr 2026 12:52:30 +0000 https://system-design.space/en/chapter/access-control-models-acl-rbac-abac-rebac/ https://system-design.space/en/chapter/access-control-models-acl-rbac-abac-rebac/ Rights Management Approaches: ACL, RBAC, ABAC, ReBAC AuthZ beginner Wed, 22 Apr 2026 12:52:29 +0000 https://dev.to/permit_io/opa-cedar-openfga-why-are-policy-languages-trending-right-now-g7e https://dev.to/permit_io/opa-cedar-openfga-why-are-policy-languages-trending-right-now-g7e OPA, Cedar, OpenFGA: Why Are Policy Languages Trending Right Now? AuthZ news Wed, 22 Apr 2026 12:52:28 +0000 https://madappgang.com/blog/opa-vs-openfga-a-comprehensive-technical-compariso/ https://madappgang.com/blog/opa-vs-openfga-a-comprehensive-technical-compariso/ OPA vs OpenFGA: A Technical Comparison of Policy Engines AuthZ intermediate Wed, 22 Apr 2026 12:52:27 +0000 https://permify.co/post/exploring-google-zanzibar-a-demonstration-of-its-basics https://permify.co/post/exploring-google-zanzibar-a-demonstration-of-its-basics Implementing Google Zanzibar: A Demonstration of Its Basics AuthZ intermediate Wed, 22 Apr 2026 12:52:27 +0000 https://getlarge.eu/blog/how-to-protect-your-api-with-openfga/ https://getlarge.eu/blog/how-to-protect-your-api-with-openfga/ How to Protect Your API with OpenFGA: ReBAC Concepts to Practical Usage AuthZ intermediate Wed, 22 Apr 2026 12:52:26 +0000 https://www.aserto.com/blog/google-zanzibar-drive-rebac-authorization-model https://www.aserto.com/blog/google-zanzibar-drive-rebac-authorization-model How Google Drive Models Authorization: A Look into Zanzibar AuthZ intermediate Wed, 22 Apr 2026 12:52:25 +0000 https://www.redfoxsec.com/blog/common-bug-bounty-vulnerabilities-a-technical-deep-dive-for-hunters-in-2026 https://www.redfoxsec.com/blog/common-bug-bounty-vulnerabilities-a-technical-deep-dive-for-hunters-in-2026 Common Bug Bounty Vulnerabilities: A Technical Deep Dive for Hunters in 2026 AuthZ intermediate Wed, 22 Apr 2026 12:52:24 +0000 https://access.redhat.com/security/cve/cve-2026-32877 https://access.redhat.com/security/cve/cve-2026-32877 CVE-2026-32877 - Red Hat Security Advisory AuthZ news Wed, 22 Apr 2026 12:52:24 +0000 https://www.penligent.ai/hackinglabs/cve-2026-the-vulnerability-landscape-when-identity-breaks-and-legacy-code-bites-back/ https://www.penligent.ai/hackinglabs/cve-2026-the-vulnerability-landscape-when-identity-breaks-and-legacy-code-bites-back/ CVE 2026: When Identity Breaks and Legacy Code Bites Back AuthZ news Wed, 22 Apr 2026 12:52:23 +0000 https://workos.com/guide/google-zanzibar https://workos.com/guide/google-zanzibar What is Google Zanzibar? AuthZ beginner Wed, 22 Apr 2026 12:52:22 +0000 https://adversa.ai/blog/agentic-ai-red-teaming-p3/ https://adversa.ai/blog/agentic-ai-red-teaming-p3/ You're Simulating the Wrong Attacker: Who Matters in AI Red Teaming AI beginner Wed, 22 Apr 2026 12:52:21 +0000 https://github.com/confident-ai/deepteam https://github.com/confident-ai/deepteam DeepTeam: Open-Source Framework to Red Team LLMs and LLM Systems AI intermediate Wed, 22 Apr 2026 12:52:20 +0000 https://repello.ai/blog/claude-jailbreak https://repello.ai/blog/claude-jailbreak Claude Jailbreaking in 2026: What Repello's Red Teaming Data Shows AI news Wed, 22 Apr 2026 12:52:19 +0000 https://github.com/Tencent/AI-Infra-Guard https://github.com/Tencent/AI-Infra-Guard AI-Infra-Guard: Full-Stack AI Red Teaming Platform AI intermediate Wed, 22 Apr 2026 12:52:19 +0000 https://github.com/microsoft/AI-Red-Teaming-Playground-Labs https://github.com/microsoft/AI-Red-Teaming-Playground-Labs AI Red Teaming Playground Labs (Microsoft) AI intermediate Wed, 22 Apr 2026 12:52:18 +0000 https://hackerone.com/reports/2372363 https://hackerone.com/reports/2372363 Program: HackerOne Severity: medium Weakness: LLM01: Prompt Injection ## Description Hey team, Hai is vulnerable to invisible prompt injection via Unicode tag characters. ## Reproduction steps 1. ... AI intermediate Wed, 22 Apr 2026 12:52:17 +0000 https://arxiv.org/html/2511.05797v1 https://arxiv.org/html/2511.05797v1 When AI Meets the Web: Prompt Injection Risks in Third-Party AI Chatbot Plugins AI beginner Wed, 22 Apr 2026 12:52:16 +0000 https://arxiv.org/html/2601.17548v1 https://arxiv.org/html/2601.17548v1 Prompt Injection Attacks on Agentic Coding Assistants: A Systematic Analysis AI advanced Wed, 22 Apr 2026 12:52:16 +0000 https://arxiv.org/html/2507.13169v1 https://arxiv.org/html/2507.13169v1 Prompt Injection 2.0: Hybrid AI Threats AI advanced Wed, 22 Apr 2026 12:52:15 +0000 https://arxiv.org/abs/2603.30016 https://arxiv.org/abs/2603.30016 Architecting Secure AI Agents: System-Level Defenses Against Indirect Prompt Injection AI advanced Wed, 22 Apr 2026 12:52:14 +0000 https://github.com/CodeIntelligenceTesting/jazzer https://github.com/CodeIntelligenceTesting/jazzer Jazzer: Coverage-guided, in-process fuzzing for the JVM Fuzzing intermediate Wed, 22 Apr 2026 12:52:14 +0000 https://adalogics.com/blog/fuzzing-100-open-source-projects-with-oss-fuzz https://adalogics.com/blog/fuzzing-100-open-source-projects-with-oss-fuzz Fuzzing 100+ open source projects with OSS-Fuzz - lessons learned Fuzzing intermediate Wed, 22 Apr 2026 12:52:13 +0000 https://www.ndss-symposium.org/ndss-paper/large-language-model-guided-protocol-fuzzing/ https://www.ndss-symposium.org/ndss-paper/large-language-model-guided-protocol-fuzzing/ Large Language Model guided Protocol Fuzzing (NDSS) Fuzzing advanced Wed, 22 Apr 2026 12:52:12 +0000 https://blog.trailofbits.com/2025/12/31/detect-gos-silent-arithmetic-bugs-with-go-panikint/ https://blog.trailofbits.com/2025/12/31/detect-gos-silent-arithmetic-bugs-with-go-panikint/ Detect Go's silent arithmetic bugs with go-panikint Fuzzing intermediate Wed, 22 Apr 2026 12:52:11 +0000 https://research.checkpoint.com/2025/denial-of-fuzzing-rust-in-the-windows-kernel/ https://research.checkpoint.com/2025/denial-of-fuzzing-rust-in-the-windows-kernel/ Denial of Fuzzing: Rust in the Windows kernel Fuzzing intermediate Wed, 22 Apr 2026 12:52:11 +0000 https://blog.jetbrains.com/research/2025/04/kotlinxfuzz-kotlin-fuzzing/ https://blog.jetbrains.com/research/2025/04/kotlinxfuzz-kotlin-fuzzing/ Bringing Fuzz Testing to Kotlin with kotlinx.fuzz Fuzzing beginner Wed, 22 Apr 2026 12:52:09 +0000 https://airbus-seclab.github.io/AFLplusplus-blogpost/ https://airbus-seclab.github.io/AFLplusplus-blogpost/ Advanced binary fuzzing using AFL++-QEMU and libprotobuf Fuzzing advanced Wed, 22 Apr 2026 12:52:08 +0000 https://arxiv.org/html/2506.15648v1 https://arxiv.org/html/2506.15648v1 deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses Fuzzing advanced Wed, 22 Apr 2026 12:52:07 +0000 https://arxiv.org/html/2411.03346v1 https://arxiv.org/html/2411.03346v1 Fixing Security Vulnerabilities with AI in OSS-Fuzz Fuzzing intermediate Wed, 22 Apr 2026 12:52:07 +0000 https://arxiv.org/html/2402.17394v1 https://arxiv.org/html/2402.17394v1 A Survey of Network Protocol Fuzzing: Model, Techniques and Directions Fuzzing intermediate Wed, 22 Apr 2026 12:52:06 +0000 https://github.com/R-s0n/ars0n-framework-v2 https://github.com/R-s0n/ars0n-framework-v2 ars0n-framework-v2: Bug Bounty Hunting Framework Recon intermediate Wed, 22 Apr 2026 12:52:05 +0000 https://www.yeswehack.com/learn-bug-bounty/discover-map-hidden-endpoints-parameters https://www.yeswehack.com/learn-bug-bounty/discover-map-hidden-endpoints-parameters Uncover Hidden Assets with Bug Bounty Recon: Fuzzing and JS Analysis Recon intermediate Wed, 22 Apr 2026 12:52:04 +0000 https://0xpatrik.com/takeover-proofs/ https://0xpatrik.com/takeover-proofs/ Subdomain Takeover: Proof Creation for Bug Bounties Recon intermediate Wed, 22 Apr 2026 12:52:04 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/complete-guide-to-finding-more-vulnerabilities-with-shodan-and-censys https://www.intigriti.com/researchers/blog/hacking-tools/complete-guide-to-finding-more-vulnerabilities-with-shodan-and-censys Shodan and Censys for beginners: How to find more vulnerabilities Recon beginner Wed, 22 Apr 2026 12:52:03 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/hunting-down-subdomain-takeover-vulnerabilities https://www.intigriti.com/researchers/blog/hacking-tools/hunting-down-subdomain-takeover-vulnerabilities Hunting down subdomain takeover vulnerabilities Recon intermediate Wed, 22 Apr 2026 12:52:02 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/hacker-tools-ffuf-fuzz-faster-u-fool-2 https://www.intigriti.com/researchers/blog/hacking-tools/hacker-tools-ffuf-fuzz-faster-u-fool-2 FFuF Fuzzer Guide: Fuzz Faster u Fool for Bug Bounty Hunters Recon intermediate Wed, 22 Apr 2026 12:52:02 +0000 https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05 https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05 Open Source Intelligence Gathering: Techniques, Automation, and Visualization Recon beginner Wed, 22 Apr 2026 12:52:01 +0000 https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover OWASP Test for Subdomain Takeover Recon beginner Wed, 22 Apr 2026 12:52:00 +0000 https://www.assetnote.io/resources/blog/maximizing-security-outcomes-the-role-of-asm-in-bug-bounty-programs https://www.assetnote.io/resources/blog/maximizing-security-outcomes-the-role-of-asm-in-bug-bounty-programs Maximizing Security Outcomes: The Role of ASM in Bug Bounty Programs Recon beginner Wed, 22 Apr 2026 12:51:59 +0000 https://blog.projectdiscovery.io/building-one-shot-recon https://blog.projectdiscovery.io/building-one-shot-recon Building a Fast One-Shot Recon Script for Bug Bounty Recon intermediate Wed, 22 Apr 2026 12:51:59 +0000 https://www.youtube.com/playlist?list=PL9fPq3eQfaaBB9HANwjaTlKFuVhRxkdz2 https://www.youtube.com/playlist?list=PL9fPq3eQfaaBB9HANwjaTlKFuVhRxkdz2 DEF CON 33 Talks - YouTube Playlist Talks news Wed, 22 Apr 2026 12:51:58 +0000 https://defcon.org/html/defcon-33/dc-33-cfi.html https://defcon.org/html/defcon-33/dc-33-cfi.html DEF CON 33 Call Index Talks news Wed, 22 Apr 2026 12:51:57 +0000 https://blackhat.com/us-25/briefings/schedule/ https://blackhat.com/us-25/briefings/schedule/ Black Hat USA 2025 Briefings Schedule Talks news Wed, 22 Apr 2026 12:51:56 +0000 https://www.youtube.com/playlist?list=PLH15HpR5qRsXtV3t9TlkRZBmIfcIC6THE https://www.youtube.com/playlist?list=PLH15HpR5qRsXtV3t9TlkRZBmIfcIC6THE Black Hat USA 2025 - YouTube Playlist Talks news Wed, 22 Apr 2026 12:51:56 +0000 https://www.youtube.com/@BlackHatOfficialYT https://www.youtube.com/@BlackHatOfficialYT Black Hat Official YouTube Channel Talks news Wed, 22 Apr 2026 12:51:55 +0000 https://www.appsecvillage.com/events/dc-2025 https://www.appsecvillage.com/events/dc-2025 DEF CON 33 AppSec Village Talks news Wed, 22 Apr 2026 12:51:54 +0000 https://www.aerospacevillage.org/def-con-33/def-con-33-talk-schedule https://www.aerospacevillage.org/def-con-33/def-con-33-talk-schedule DEF CON 33 Aerospace Village Talk Schedule Talks news Wed, 22 Apr 2026 12:51:53 +0000 https://ndcsecurity.com/about https://ndcsecurity.com/about About NDC Security 2026 Talks news Wed, 22 Apr 2026 12:51:52 +0000 http://h1.nobbd.de/ http://h1.nobbd.de/ The Unofficial HackerOne Disclosure Timeline Bug Bounty news Wed, 22 Apr 2026 12:51:50 +0000 https://www.bugbountyhunter.com/disclosed/ https://www.bugbountyhunter.com/disclosed/ Publicly Disclosed HackerOne Bug Bounty Findings Bug Bounty news Wed, 22 Apr 2026 12:51:50 +0000 https://py-us3r.github.io/burp-writeup-graphql/ https://py-us3r.github.io/burp-writeup-graphql/ GraphQL - PortSwigger Lab Writeup Bug Bounty intermediate Wed, 22 Apr 2026 12:51:49 +0000 https://bugboard.rsecloud.com/bugbounty_writeups https://bugboard.rsecloud.com/bugbounty_writeups BugBoard: Searchable Bug Bounty Writeups Bug Bounty news Wed, 22 Apr 2026 12:51:48 +0000 https://www.bugcrowd.com/blog/ai-vulnerability-deep-dive-prompt-injection/ https://www.bugcrowd.com/blog/ai-vulnerability-deep-dive-prompt-injection/ AI Vulnerability Deep Dive: Prompt Injection (Bugcrowd) Bug Bounty intermediate Wed, 22 Apr 2026 12:51:47 +0000 https://www.bugcrowd.com/blog/a-guide-to-the-hidden-threat-of-prompt-injection/ https://www.bugcrowd.com/blog/a-guide-to-the-hidden-threat-of-prompt-injection/ A Guide to the Hidden Threat of Prompt Injection (Bugcrowd) Bug Bounty beginner Wed, 22 Apr 2026 12:51:47 +0000 https://github.com/hackthebox/bug-bounty-ctf https://github.com/hackthebox/bug-bounty-ctf Writeups for Hack The Box Bug Bounty CTF 2025 Bug Bounty news Wed, 22 Apr 2026 12:51:46 +0000 https://github.com/tuhin1729/Bug-Bounty-Methodology https://github.com/tuhin1729/Bug-Bounty-Methodology Bug-Bounty-Methodology: JWT and Other Vulnerability Classes Bug Bounty intermediate Wed, 22 Apr 2026 12:51:45 +0000 https://github.com/kh4sh3i/bug-bounty-writeups https://github.com/kh4sh3i/bug-bounty-writeups Bug Bounty Writeups: Available Programs and Writeups Bug Bounty news Wed, 22 Apr 2026 12:51:44 +0000 https://github.com/xdavidhu/awesome-google-vrp-writeups https://github.com/xdavidhu/awesome-google-vrp-writeups Awesome Google VRP Writeups Bug Bounty news Wed, 22 Apr 2026 12:51:44 +0000 https://www.cxodigitalpulse.com/critical-sglang-flaw-cve-2026-5760-enables-remote-code-execution-via-malicious-ai-models/ https://www.cxodigitalpulse.com/critical-sglang-flaw-cve-2026-5760-enables-remote-code-execution-via-malicious-ai-models/ Critical SGLang Flaw (CVE-2026-5760) Enables RCE via Malicious AI Models RCE news Wed, 22 Apr 2026 12:51:43 +0000 https://www.sentinelone.com/vulnerability-database/cve-2025-68454/ https://www.sentinelone.com/vulnerability-database/cve-2025-68454/ CVE-2025-68454: Craft CMS Twig SSTI RCE Vulnerability RCE news Wed, 22 Apr 2026 12:51:42 +0000 https://hackread.com/jenkins-servers-risk-rce-vulnerability-cve-2025-53652/ https://hackread.com/jenkins-servers-risk-rce-vulnerability-cve-2025-53652/ 15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) RCE news Wed, 22 Apr 2026 12:51:42 +0000 https://www.seqrite.com/blog/react2shell-cve-2025-55182-rsc-flight-decoder-remote-code-execution/ https://www.seqrite.com/blog/react2shell-cve-2025-55182-rsc-flight-decoder-remote-code-execution/ React2Shell (CVE-2025-55182): RSC Flight Decoder Remote Code Execution RCE news Wed, 22 Apr 2026 12:51:41 +0000 https://www.intruder.io/blog/ivanti-epmm-another-day-another-pre-auth-rce-cve-2026-1281-cve-2026-1340 https://www.intruder.io/blog/ivanti-epmm-another-day-another-pre-auth-rce-cve-2026-1281-cve-2026-1340 Ivanti EPMM: Another Pre-Auth RCE (CVE-2026-1281 and CVE-2026-1340) RCE news Wed, 22 Apr 2026 12:51:40 +0000 https://blog.securelayer7.net/cve-2025-57738-apache-syncope-groovy-rce/ https://blog.securelayer7.net/cve-2025-57738-apache-syncope-groovy-rce/ CVE-2025-57738: Apache Syncope Groovy Injection RCE RCE news Wed, 22 Apr 2026 12:51:39 +0000 https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain RCE news Wed, 22 Apr 2026 12:51:39 +0000 https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596 https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596 Critical RCE Vulnerability in Anthropic MCP Inspector (CVE-2025-49596) RCE news Wed, 22 Apr 2026 12:51:38 +0000 https://github.com/rippsec/CVE-2025-24893-XWiki-SSTI-RCE https://github.com/rippsec/CVE-2025-24893-XWiki-SSTI-RCE CVE-2025-24893: XWiki SSTI Unauthenticated RCE Exploit RCE news Wed, 22 Apr 2026 12:51:37 +0000 https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/ https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/ CVE-2026-34197: ActiveMQ RCE via Jolokia API RCE news Wed, 22 Apr 2026 12:51:36 +0000 https://www.sentinelone.com/vulnerability-database/cve-2025-12821/ https://www.sentinelone.com/vulnerability-database/cve-2025-12821/ CVE-2025-12821: WordPress NewsBlogger CSRF Allowing RCE CSRF news Wed, 22 Apr 2026 12:51:36 +0000 https://medium.com/@trixiahorner/csrf-walkthrough-5876cdf437ea https://medium.com/@trixiahorner/csrf-walkthrough-5876cdf437ea Manipulating User Email: A CSRF PoC From TCM Academy CSRF intermediate Wed, 22 Apr 2026 12:51:35 +0000 https://medium.com/@musayyabsharif/bypassing-csrf-token-validation-techniques-33d79004fc6b https://medium.com/@musayyabsharif/bypassing-csrf-token-validation-techniques-33d79004fc6b Bypassing CSRF Token Validation Techniques CSRF intermediate Wed, 22 Apr 2026 12:51:34 +0000 https://radar.offseq.com/threat/cve-2026-40925-cwe-352-cross-site-request-forgery--d3211bbb https://radar.offseq.com/threat/cve-2026-40925-cwe-352-cross-site-request-forgery--d3211bbb CVE-2026-40925: CSRF in WWBN AVideo Configuration Endpoint CSRF news Wed, 22 Apr 2026 12:51:33 +0000 https://ghostsecurity.com/blog/csrf-in-2025-not-dead-just-different https://ghostsecurity.com/blog/csrf-in-2025-not-dead-just-different CSRF in 2025: Not Dead, Just Different CSRF intermediate Wed, 22 Apr 2026 12:51:32 +0000 https://hackerone.com/reports/2326194 https://hackerone.com/reports/2326194 Program: Internet Bug Bounty Severity: high Weakness: Cross-Site Request Forgery (CSRF) GHSA: https://github.com/argoproj/argo-cd/security/advisories/GHSA-92mw-q256-5vwg It's been publicly known for... CSRF news Wed, 22 Apr 2026 12:51:31 +0000 https://github.com/I-TRACING-ASO/SulphurAPI https://github.com/I-TRACING-ASO/SulphurAPI SulphurAPI: Burp Suite extension for automating OWASP API Top 10 detection Burp Suite intermediate Wed, 22 Apr 2026 12:51:30 +0000 https://github.com/rm-rf-tools/awesome-burp-extensions-2025 https://github.com/rm-rf-tools/awesome-burp-extensions-2025 Awesome Burp Extensions 2025 Burp Suite intermediate Wed, 22 Apr 2026 12:51:29 +0000 https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open Top 10 Web Hacking Techniques of 2025: Call for Nominations Burp Suite news Wed, 22 Apr 2026 12:51:28 +0000 https://portswigger.net/blog/the-future-of-security-testing-harness-ai-powered-extensibility-in-burp-nbsp https://portswigger.net/blog/the-future-of-security-testing-harness-ai-powered-extensibility-in-burp-nbsp The Future of Security Testing: AI-Powered Extensibility in Burp Burp Suite advanced Wed, 22 Apr 2026 12:51:27 +0000 https://portswigger.net/burp/documentation/desktop/tools/proxy/websockets-history/scripts https://portswigger.net/burp/documentation/desktop/tools/proxy/websockets-history/scripts Filtering the WebSockets history with scripts Burp Suite intermediate Wed, 22 Apr 2026 12:51:26 +0000 https://portswigger.net/burp/documentation/desktop/tools/proxy/http-history/scripts https://portswigger.net/burp/documentation/desktop/tools/proxy/http-history/scripts Filtering the HTTP history with scripts (Bambdas) Burp Suite intermediate Wed, 22 Apr 2026 12:51:25 +0000 https://portswigger.net/burp/documentation/desktop/extend-burp/extensions/creating/creating-ai-extensions/developing-ai-features https://portswigger.net/burp/documentation/desktop/extend-burp/extensions/creating/creating-ai-extensions/developing-ai-features Developing AI features in Burp extensions Burp Suite advanced Wed, 22 Apr 2026 12:51:25 +0000 https://portswigger.net/burp/documentation/desktop/burp-ai https://portswigger.net/burp/documentation/desktop/burp-ai Burp AI - PortSwigger Documentation Burp Suite beginner Wed, 22 Apr 2026 12:51:24 +0000 https://portswigger.net/burp/documentation/desktop/extend-burp/bambdas https://portswigger.net/burp/documentation/desktop/extend-burp/bambdas Bambdas - PortSwigger Documentation Burp Suite beginner Wed, 22 Apr 2026 12:51:23 +0000 https://socradar.io/blog/cve-2025-68664-langchain-flaw-secret-extraction/ https://socradar.io/blog/cve-2025-68664-langchain-flaw-secret-extraction/ CVE-2025-68664: Critical LangChain Flaw Enables Secret Extraction Python news Wed, 22 Apr 2026 12:51:22 +0000 https://appsecsanta.com/bandit https://appsecsanta.com/bandit Bandit Python: Free SAST in 10 Seconds (2026 Review) Python beginner Wed, 22 Apr 2026 12:51:20 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-22607/ https://www.sentinelone.com/vulnerability-database/cve-2026-22607/ CVE-2026-22607: Fickling Python RCE Vulnerability Python news Wed, 22 Apr 2026 12:51:19 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-21226/ https://www.sentinelone.com/vulnerability-database/cve-2026-21226/ CVE-2026-21226: Azure Core Python Library RCE Vulnerability Python news Wed, 22 Apr 2026 12:51:18 +0000 https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Python news Wed, 22 Apr 2026 12:51:17 +0000 https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure Python news Wed, 22 Apr 2026 12:51:17 +0000 https://www.endorlabs.com/learn/critical-sql-injection-vulnerability-in-django-cve-2025-64459 https://www.endorlabs.com/learn/critical-sql-injection-vulnerability-in-django-cve-2025-64459 Critical SQL Injection Vulnerability in Django (CVE-2025-64459) Python news Wed, 22 Apr 2026 12:51:14 +0000 https://changeflow.com/govping/data-privacy-cybersecurity/python-rce-vulnerabilities-cpython-affected-14th-apr-2026-04-14 https://changeflow.com/govping/data-privacy-cybersecurity/python-rce-vulnerabilities-cpython-affected-14th-apr-2026-04-14 CERT-FR Warns of Python/CPython RCE Vulnerabilities (CVE-2026-4786, CVE-2026-6100) Python news Wed, 22 Apr 2026 12:51:13 +0000 https://www.zscaler.com/blogs/security-research/malicious-pypi-packages-deliver-silentsync-rat https://www.zscaler.com/blogs/security-research/malicious-pypi-packages-deliver-silentsync-rat Malicious PyPI Packages Deliver SilentSync RAT Python news Wed, 22 Apr 2026 12:51:13 +0000 https://github.com/Bearer/bearer https://github.com/Bearer/bearer Bearer: SAST Tool to Discover, Filter, and Prioritize Security and Privacy Risks Python beginner Wed, 22 Apr 2026 12:51:12 +0000 https://neospl0it.github.io/master-google-dorking-advanced-search-techniques https://neospl0it.github.io/master-google-dorking-advanced-search-techniques Master Google Dorking: Advanced Techniques for OSINT and Ethical Hacking OSINT intermediate Wed, 22 Apr 2026 12:51:11 +0000 https://niemanreports.org/osint-open-source-investigations-bellingcat-volunteers/ https://niemanreports.org/osint-open-source-investigations-bellingcat-volunteers/ Lessons from Building an Online Toolkit to Aid Open-Source Investigations OSINT intermediate Wed, 22 Apr 2026 12:51:11 +0000 https://inteltechniques.com/book1.html https://inteltechniques.com/book1.html IntelTechniques Books (Michael Bazzell) OSINT beginner Wed, 22 Apr 2026 12:51:10 +0000 https://epieos.com https://epieos.com Epieos: The Ultimate OSINT Tool OSINT beginner Wed, 22 Apr 2026 12:51:09 +0000 https://bellingcat.gitbook.io/toolkit https://bellingcat.gitbook.io/toolkit Bellingcat's Online Investigation Toolkit OSINT beginner Wed, 22 Apr 2026 12:51:08 +0000 https://www.digitalstakeout.com/blog/automating-google-dorking-osint https://www.digitalstakeout.com/blog/automating-google-dorking-osint Automating Google Dorking: From Manual OSINT Technique to Continuous Monitoring OSINT intermediate Wed, 22 Apr 2026 12:51:08 +0000 https://github.com/alpkeskin/mosint https://github.com/alpkeskin/mosint mosint: An automated e-mail OSINT tool OSINT beginner Wed, 22 Apr 2026 12:51:07 +0000 https://github.com/The-Osint-Toolbox/Telegram-OSINT https://github.com/The-Osint-Toolbox/Telegram-OSINT Telegram-OSINT: In-depth repository of Telegram OSINT resources OSINT beginner Wed, 22 Apr 2026 12:51:06 +0000 https://github.com/The-Osint-Toolbox/Email-Username-OSINT https://github.com/The-Osint-Toolbox/Email-Username-OSINT Email-Username-OSINT Toolbox OSINT beginner Wed, 22 Apr 2026 12:51:06 +0000 https://github.com/Astrosp/Awesome-OSINT-For-Everything https://github.com/Astrosp/Awesome-OSINT-For-Everything Awesome OSINT for Everything OSINT beginner Wed, 22 Apr 2026 12:51:05 +0000 https://www.armosec.io/blog/cve-2025-1094-postgresql-sql-injection-vulnerability/ https://www.armosec.io/blog/cve-2025-1094-postgresql-sql-injection-vulnerability/ CVE-2025-1094: PostgreSQL SQL Injection Vulnerability SQLi news Wed, 22 Apr 2026 12:51:04 +0000 https://github.com/regaan/sqlmap-tamper-collection https://github.com/regaan/sqlmap-tamper-collection SQLMap Tamper Collection: Modern WAF Bypass Scripts (Cloudflare, AWS, Azure) SQLi intermediate Wed, 22 Apr 2026 12:51:03 +0000 https://pulsesecurity.co.nz/articles/postgres-sqli https://pulsesecurity.co.nz/articles/postgres-sqli SQL Injection and Postgres: An Adventure to Eventual RCE SQLi intermediate Wed, 22 Apr 2026 12:51:02 +0000 https://onsecurity.io/article/pentesting-postgresql-with-sql-injections/ https://onsecurity.io/article/pentesting-postgresql-with-sql-injections/ Pentesting PostgreSQL with SQL Injections SQLi intermediate Wed, 22 Apr 2026 12:51:01 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-nosql-injection-nosqli-vulnerabilities https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-nosql-injection-nosqli-vulnerabilities NoSQL Injection: Advanced Exploitation Guide SQLi advanced Wed, 22 Apr 2026 12:51:01 +0000 https://www.synack.com/exploits-explained/exploits-explained-nosql-injection-returns-private-information/ https://www.synack.com/exploits-explained/exploits-explained-nosql-injection-returns-private-information/ Exploits Explained: NoSQL Injection Returns Private Information SQLi beginner Wed, 22 Apr 2026 12:51:00 +0000 https://github.com/Winz18/CVE-2025-52694-POC https://github.com/Winz18/CVE-2025-52694-POC CVE-2025-52694 PoC: Critical SQL Injection in Advantech IoTSuite/SaaS-Composer SQLi news Wed, 22 Apr 2026 12:50:59 +0000 https://securitylabs.datadoghq.com/articles/mcp-vulnerability-case-study-SQL-injection-in-the-postgresql-mcp-server/ https://securitylabs.datadoghq.com/articles/mcp-vulnerability-case-study-SQL-injection-in-the-postgresql-mcp-server/ MCP Vulnerability Case Study: SQL Injection in the Postgres MCP Server SQLi intermediate Wed, 22 Apr 2026 12:50:58 +0000 https://dl.acm.org/doi/10.1145/3788286 https://dl.acm.org/doi/10.1145/3788286 BWAFSQLi: Bypassing Web Application Firewall with Adversarial SQL Injections SQLi advanced Wed, 22 Apr 2026 12:50:58 +0000 https://www.thehackerwire.com/librechat-ssrf-bypass-via-ipv6-mapped-address-confusion/ https://www.thehackerwire.com/librechat-ssrf-bypass-via-ipv6-mapped-address-confusion/ LibreChat SSRF Bypass via IPv6 Mapped Address Confusion SSRF intermediate Wed, 22 Apr 2026 12:50:57 +0000 https://aydinnyunus.github.io/2026/03/14/ssrf-dns-rebinding-vulnerability/ https://aydinnyunus.github.io/2026/03/14/ssrf-dns-rebinding-vulnerability/ SSRF Vulnerability: Bypassing Protection with DNS Rebinding Attack SSRF intermediate Wed, 22 Apr 2026 12:50:56 +0000 https://fluidattacks.com/advisories/registrada https://fluidattacks.com/advisories/registrada is-localhost-ip 2.0.0 SSRF via Restrictions Bypass (CVE-2025-9960) SSRF news Wed, 22 Apr 2026 12:50:55 +0000 https://github.com/In3tinct/See-SURF https://github.com/In3tinct/See-SURF See-SURF: Tool to Find Potential Vulnerable SSRF Parameters SSRF beginner Wed, 22 Apr 2026 12:50:55 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/ssrf-vulnerabilities-in-nextjs-targets https://www.intigriti.com/researchers/blog/hacking-tools/ssrf-vulnerabilities-in-nextjs-targets Hacking Next.js Targets: Advanced SSRF Exploitation Guide SSRF advanced Wed, 22 Apr 2026 12:50:54 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/catflix-ctf-ssrf-nextjs-middleware https://www.intigriti.com/researchers/blog/hacking-tools/catflix-ctf-ssrf-nextjs-middleware Catflix CTF: Exploiting SSRFs in Next.js Middleware SSRF intermediate Wed, 22 Apr 2026 12:50:53 +0000 https://github.com/openclaw/openclaw/security/advisories/GHSA-jrvc-8ff5-2f9f https://github.com/openclaw/openclaw/security/advisories/GHSA-jrvc-8ff5-2f9f SSRF Guard Bypass via Full-Form IPv4-Mapped IPv6 Literal SSRF intermediate Wed, 22 Apr 2026 12:50:53 +0000 https://github.com/advisories/GHSA-4342-x723-ch2f https://github.com/advisories/GHSA-4342-x723-ch2f Next.js Improper Middleware Redirect Handling Leads to SSRF (CVE-2025-57822) SSRF news Wed, 22 Apr 2026 12:50:52 +0000 https://github.com/craftcms/cms/security/advisories/GHSA-v2gc-rm6g-wrw9 https://github.com/craftcms/cms/security/advisories/GHSA-v2gc-rm6g-wrw9 Craft CMS Cloud Metadata SSRF Protection Bypass via IPv6 Resolution SSRF intermediate Wed, 22 Apr 2026 12:50:51 +0000 https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx Axios Unrestricted Cloud Metadata Exfiltration via Header Injection Chain (CVE-2026-40175) SSRF news Wed, 22 Apr 2026 12:50:50 +0000 https://motasemhamdan.medium.com/geoservers-2025-xxe-vulnerability-explained-e82caff3a661 https://motasemhamdan.medium.com/geoservers-2025-xxe-vulnerability-explained-e82caff3a661 GeoServer 2025 XXE Vulnerability (CVE-2025-58360) Explained XXE news Wed, 22 Apr 2026 12:50:50 +0000 https://www.securityweek.com/critical-apache-tika-vulnerability-leads-to-xxe-injection/ https://www.securityweek.com/critical-apache-tika-vulnerability-leads-to-xxe-injection/ Critical Apache Tika Vulnerability Leads to XXE Injection XXE news Wed, 22 Apr 2026 12:50:49 +0000 https://www.miggo.io/vulnerability-database/cve/CVE-2025-30220 https://www.miggo.io/vulnerability-database/cve/CVE-2025-30220 CVE-2025-30220: GeoServer WFS Service XML External Entity XXE news Wed, 22 Apr 2026 12:50:48 +0000 https://www.offsec.com/blog/cve-2025-27136/ https://www.offsec.com/blog/cve-2025-27136/ CVE-2025-27136: LocalS3 CreateBucketConfiguration XXE Injection XXE news Wed, 22 Apr 2026 12:50:47 +0000 https://github.com/W01fh4cker/CVE-2024-30043-XXE https://github.com/W01fh4cker/CVE-2024-30043-XXE CVE-2024-30043: Exploiting XXE on SharePoint via Confused URL Parsing (PoC) XXE intermediate Wed, 22 Apr 2026 12:50:47 +0000 https://www.akamai.com/blog/security-research/cve-2025-66516-detecting-defending-apache-tika-xxe-attack https://www.akamai.com/blog/security-research/cve-2025-66516-detecting-defending-apache-tika-xxe-attack CVE-2025-66516: Detecting and Defending Against Apache Tika XXE XXE news Wed, 22 Apr 2026 12:50:46 +0000 https://www.ameeba.com/blog/cve-2025-59845-csrf-vulnerability-in-apollo-studio-embeddable-explorer-embeddable-sandbox/ https://www.ameeba.com/blog/cve-2025-59845-csrf-vulnerability-in-apollo-studio-embeddable-explorer-embeddable-sandbox/ CVE-2025-59845: CSRF Vulnerability in Apollo Studio Embeddable Explorer and Sandbox GraphQL news Wed, 22 Apr 2026 12:50:45 +0000 https://www.ameeba.com/blog/cve-2025-31496-graphql-query-vulnerability-in-apollo-compiler-leading-to-possible-denial-of-service/ https://www.ameeba.com/blog/cve-2025-31496-graphql-query-vulnerability-in-apollo-compiler-leading-to-possible-denial-of-service/ CVE-2025-31496: GraphQL Query Vulnerability in Apollo Compiler Leading to DoS GraphQL news Wed, 22 Apr 2026 12:50:45 +0000 https://amannsharmaa.medium.com/the-16-hour-window-catching-a-graphql-authorization-flaw-575f6e5c1217 https://amannsharmaa.medium.com/the-16-hour-window-catching-a-graphql-authorization-flaw-575f6e5c1217 The 16-Hour Window: Catching a GraphQL Authorization Flaw GraphQL intermediate Wed, 22 Apr 2026 12:50:44 +0000 https://github.com/omar2535/GraphQLer https://github.com/omar2535/GraphQLer GraphQLer: Context-Aware GraphQL API Fuzzing Tool GraphQL intermediate Wed, 22 Apr 2026 12:50:43 +0000 https://checkmarx.com/blog/exploiting-graphql-query-depth/ https://checkmarx.com/blog/exploiting-graphql-query-depth/ Exploiting GraphQL Query Depth GraphQL intermediate Wed, 22 Apr 2026 12:50:42 +0000 https://www.praetorian.com/blog/exploiting-broken-authentication-control-graphql/ https://www.praetorian.com/blog/exploiting-broken-authentication-control-graphql/ Exploiting Broken Authentication Control in GraphQL GraphQL intermediate Wed, 22 Apr 2026 12:50:42 +0000 https://checkmarx.com/blog/didnt-notice-your-rate-limiting-graphql-batching-attack/ https://checkmarx.com/blog/didnt-notice-your-rate-limiting-graphql-batching-attack/ Didn't Notice Your Rate Limiting: GraphQL Batching Attack GraphQL intermediate Wed, 22 Apr 2026 12:50:41 +0000 https://escape.tech/blog/graphql-batch-attacks-cause-dos/ https://escape.tech/blog/graphql-batch-attacks-cause-dos/ Avoid GraphQL Denial-of-Service Attacks through Batching and Aliasing GraphQL intermediate Wed, 22 Apr 2026 12:50:40 +0000 https://salt.security/blog/api-threat-research-graphql-authorization-flaws-in-financial-technology-platform https://salt.security/blog/api-threat-research-graphql-authorization-flaws-in-financial-technology-platform API Threat Research: GraphQL Authorization Flaws in a FinTech Platform GraphQL intermediate Wed, 22 Apr 2026 12:50:39 +0000 https://github.com/advisories/GHSA-75m2-jhh5-j5g2 https://github.com/advisories/GHSA-75m2-jhh5-j5g2 Apollo Router Query Planner Excessive Resource Consumption via Named Fragment Expansion (CVE-2025-32034) GraphQL news Wed, 22 Apr 2026 12:50:39 +0000 https://medium.com/@melodicbook/how-mass-assignment-led-to-stored-xss-and-a-csp-bypass-in-a-major-chatbot-platform-3c6569d7c9e9 https://medium.com/@melodicbook/how-mass-assignment-led-to-stored-xss-and-a-csp-bypass-in-a-major-chatbot-platform-3c6569d7c9e9 Mass-Assignment to Stored XSS and CSP Bypass in a Chatbot Platform XSS advanced Wed, 22 Apr 2026 12:50:38 +0000 https://kuldeep.io/posts/fulldisclosure-dom-based-xss/ https://kuldeep.io/posts/fulldisclosure-dom-based-xss/ Full Disclosure: DOM-Based XSS And Failures In Bug Bounty Hunting XSS beginner Wed, 22 Apr 2026 12:50:37 +0000 https://www.sherlockforensics.com/blog/cross-site-scripting-xss-is-surging-4-new-cves-this-week.html https://www.sherlockforensics.com/blog/cross-site-scripting-xss-is-surging-4-new-cves-this-week.html Cross-Site Scripting (XSS) Is Surging: 4 New CVEs This Week XSS news Wed, 22 Apr 2026 12:50:37 +0000 https://jarm222.github.io/posts/CVE-2025-26244-Writeup/ https://jarm222.github.io/posts/CVE-2025-26244-Writeup/ CVE-2025-26244: Stored XSS in DeimosC2 Leading to Privilege Escalation XSS news Wed, 22 Apr 2026 12:50:36 +0000 https://github.com/RoNiXxCybSeC0101/CVE-2025-25461 https://github.com/RoNiXxCybSeC0101/CVE-2025-25461 CVE-2025-25461: SeedDMS Stored XSS XSS news Wed, 22 Apr 2026 12:50:35 +0000 https://portswigger.net/research/finding-dom-polyglot-xss-in-paypal-the-easy-way https://portswigger.net/research/finding-dom-polyglot-xss-in-paypal-the-easy-way Finding DOM Polyglot XSS in PayPal the Easy Way XSS intermediate Wed, 22 Apr 2026 12:50:34 +0000 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-xss-VWyDgjOU https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-xss-VWyDgjOU Cisco IOS XE Web Authentication Reflected XSS Advisory XSS news Wed, 22 Apr 2026 12:50:34 +0000 https://github.com/advisories/GHSA-v4hv-rgfq-gp49 https://github.com/advisories/GHSA-v4hv-rgfq-gp49 CVE-2025-66412: Angular Stored XSS via SVG Animation and MathML Attributes XSS news Wed, 22 Apr 2026 12:50:33 +0000 https://security.paloaltonetworks.com/CVE-2025-0133 https://security.paloaltonetworks.com/CVE-2025-0133 CVE-2025-0133: PAN-OS Reflected XSS in GlobalProtect Gateway XSS news Wed, 22 Apr 2026 12:50:32 +0000 https://arxiv.org/pdf/2502.08467 https://arxiv.org/pdf/2502.08467 Synthesizing XSS Polyglots with Monte Carlo Tree Search (arXiv 2025) XSS advanced Wed, 22 Apr 2026 12:50:32 +0000 https://theosintedge.medium.com/new-types-of-hacking-idor-attacks-evolved-ce556e25572e https://theosintedge.medium.com/new-types-of-hacking-idor-attacks-evolved-ce556e25572e New Types of Hacking: IDOR Attacks Evolved IDOR advanced Wed, 22 Apr 2026 12:50:31 +0000 https://thexssrat.medium.com/hunting-for-idor-and-bac-vulnerabilities-in-b2b-applications-with-burp-suites-authorize-extension-597877b53d94 https://thexssrat.medium.com/hunting-for-idor-and-bac-vulnerabilities-in-b2b-applications-with-burp-suites-authorize-extension-597877b53d94 Hunting for IDOR and BAC in B2B Apps with Burp Authorize IDOR intermediate Wed, 22 Apr 2026 12:50:30 +0000 https://www.penligent.ai/hackinglabs/idor-in-the-wild-what-cve-2025-13526-really-teaches-security-engineers/ https://www.penligent.ai/hackinglabs/idor-in-the-wild-what-cve-2025-13526-really-teaches-security-engineers/ IDOR in the Wild: What CVE-2025-13526 Teaches Security Engineers IDOR news Wed, 22 Apr 2026 12:50:29 +0000 https://research.cleantalk.org/cve-2025-14371/ https://research.cleantalk.org/cve-2025-14371/ CVE-2025-14371: TaxoPress IDOR / Object-Level Authorization Bypass IDOR news Wed, 22 Apr 2026 12:50:29 +0000 https://github.com/6h4ack/IDOR-Scanner https://github.com/6h4ack/IDOR-Scanner IDOR-Scanner: Burp Suite Extension for Automated IDOR Detection IDOR intermediate Wed, 22 Apr 2026 12:50:28 +0000 https://escape.tech/blog/idor-in-graphql/ https://escape.tech/blog/idor-in-graphql/ GraphQL IDOR Vulnerabilities: What They Are and How to Fix IDOR beginner Wed, 22 Apr 2026 12:50:27 +0000 https://advisories.gitlab.com/golang/github.com/zitadel/zitadel/CVE-2025-64431/ https://advisories.gitlab.com/golang/github.com/zitadel/zitadel/CVE-2025-64431/ CVE-2025-64431: IDOR in ZITADEL Organization API Allows Cross-Tenant Tampering IDOR news Wed, 22 Apr 2026 12:50:26 +0000 https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-pr6m-q4g7-342c https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-pr6m-q4g7-342c OpenCTI GraphQL IDOR Allows Workspace Content Deletion IDOR news Wed, 22 Apr 2026 12:50:26 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-2271 https://nvd.nist.gov/vuln/detail/CVE-2025-2271 CVE-2025-2271: IDOR Vulnerability Detail IDOR news Wed, 22 Apr 2026 12:50:25 +0000 https://github.com/advisories/GHSA-3j4c-6c9j-p6jj https://github.com/advisories/GHSA-3j4c-6c9j-p6jj CVE-2025-1270: IDOR in h6web by Anapi Group IDOR news Wed, 22 Apr 2026 12:50:24 +0000 https://www.securityweek.com/are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom-data/ https://www.securityweek.com/are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom-data/ Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data https://ift.tt/GMVqgjU Supply Chain beginner Wed, 22 Apr 2026 12:25:49 +0000 https://www.mishcon.com/news/axios-supply-chain-attack-deploys-multi-os-malware https://www.mishcon.com/news/axios-supply-chain-attack-deploys-multi-os-malware Axios supply chain attack deploys multi-OS malware https://ift.tt/qVLszCa Supply Chain news Wed, 22 Apr 2026 12:25:48 +0000 https://www.mexc.com/news/1045276 https://www.mexc.com/news/1045276 AI Sparks Bug-Bounty Surge in Crypto, but Low-Quality Reports Grow https://ift.tt/huVd7WD Bug Bounty news Wed, 22 Apr 2026 11:29:38 +0000 https://www.tomshardware.com/tech-industry/artificial-intelligence/anthropics-model-context-protocol-has-critical-security-flaw-exposed https://www.tomshardware.com/tech-industry/artificial-intelligence/anthropics-model-context-protocol-has-critical-security-flaw-exposed Anthropic's Model Context Protocol includes a critical remote code execution vulnerability — newly discovered exploit puts 200,000 AI servers at risk https://ift.tt/KLVv9gP AI news Wed, 22 Apr 2026 11:29:37 +0000 https://www.securityweek.com/google-antigravity-in-crosshairs-of-security-researchers-cybercriminals/ https://www.securityweek.com/google-antigravity-in-crosshairs-of-security-researchers-cybercriminals/ Google Antigravity in Crosshairs of Security Researchers, Cybercriminals https://ift.tt/ZgkxGsP RCE news Wed, 22 Apr 2026 10:39:19 +0000 https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape https://ift.tt/1Oulkrs RCE news Wed, 22 Apr 2026 10:28:28 +0000 https://letsdatascience.com/news/anthropic-ai-finds-271-vulnerabilities-in-firefox-78685110 https://letsdatascience.com/news/anthropic-ai-finds-271-vulnerabilities-in-firefox-78685110 Anthropic AI Finds 271 Vulnerabilities in Firefox https://ift.tt/61geSjc Fuzzing news Wed, 22 Apr 2026 10:10:22 +0000 https://cybernews.com/security/dnn-vulnerability-enables-rce-exploits-on-web-servers/ https://cybernews.com/security/dnn-vulnerability-enables-rce-exploits-on-web-servers/ Fake SVG puts 750,000 websites at risk: hackers can seize the web server https://ift.tt/BwtOzhU RCE news Wed, 22 Apr 2026 07:59:14 +0000 https://www.tipranks.com/news/private-companies/ai-driven-endpoints-highlight-expanding-software-supply-chain-risk https://www.tipranks.com/news/private-companies/ai-driven-endpoints-highlight-expanding-software-supply-chain-risk AI-Driven Endpoints Highlight Expanding Software Supply Chain Risk https://ift.tt/Op8eSmM Supply Chain beginner Wed, 22 Apr 2026 06:55:47 +0000 https://briefglance.com/articles/aikido-unveils-endpoint-security-as-supply-chain-attacks-hit-developers https://briefglance.com/articles/aikido-unveils-endpoint-security-as-supply-chain-attacks-hit-developers Aikido Unveils Endpoint Security as Supply Chain Attacks Hit Developers https://ift.tt/aDBmAct Supply Chain news Wed, 22 Apr 2026 05:01:32 +0000 https://www.mishcon.com/news/adobe-acrobat-reader-prototype-pollution-vulnerability-enables-remote-code-execution https://www.mishcon.com/news/adobe-acrobat-reader-prototype-pollution-vulnerability-enables-remote-code-execution Adobe Acrobat Reader: Prototype pollution vulnerability enables remote code execution https://ift.tt/6Vm9ieE RCE news Wed, 22 Apr 2026 00:54:23 +0000 https://devops.com/critical-microsoft-github-flaw-highlights-dangers-to-ci-cd-pipelines-tenable/ https://devops.com/critical-microsoft-github-flaw-highlights-dangers-to-ci-cd-pipelines-tenable/ Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable https://ift.tt/nvuCc9x Supply Chain news Tue, 21 Apr 2026 22:40:30 +0000 https://www.cybersecuritydive.com/news/cisa--security-teams-environments-axios-compromise/818081/ https://www.cybersecuritydive.com/news/cisa--security-teams-environments-axios-compromise/818081/ CISA urges security teams to view environments following axios compromise https://ift.tt/JYRaA0z Supply Chain news Tue, 21 Apr 2026 19:15:37 +0000 https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html 22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters https://ift.tt/DKsAtmp RCE news Tue, 21 Apr 2026 16:09:33 +0000 https://cybersecuritynews.com/cisa-warns-axios-npm-supply-chain/ https://cybersecuritynews.com/cisa-warns-axios-npm-supply-chain/ CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/bSQfTkG Supply Chain news Tue, 21 Apr 2026 15:45:19 +0000 https://bdtechtalks.substack.com/p/the-by-design-security-flaw-of-model https://bdtechtalks.substack.com/p/the-by-design-security-flaw-of-model The 'by design' security flaw of Model Context Protocol (MCP) https://ift.tt/kotl0Is AI news Tue, 21 Apr 2026 15:34:39 +0000 https://www.scworld.com/brief/aikido-security-launches-endpoint-to-secure-ai-development-and-mitigate-supply-chain-attacks https://www.scworld.com/brief/aikido-security-launches-endpoint-to-secure-ai-development-and-mitigate-supply-chain-attacks Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks https://ift.tt/pWgtqSF Supply Chain news Tue, 21 Apr 2026 15:20:50 +0000 https://www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool https://www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool https://ift.tt/1QOIZsB RCE news Tue, 21 Apr 2026 15:09:32 +0000 https://thenextweb.com/news/lovable-vibe-coding-security-crisis-exposed https://thenextweb.com/news/lovable-vibe-coding-security-crisis-exposed Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse https://ift.tt/LVCAuWM API Security news Tue, 21 Apr 2026 14:46:48 +0000 https://www.aikido.dev/blog/endpoint-security-for-developer-devices https://www.aikido.dev/blog/endpoint-security-for-developer-devices Introducing Endpoint Protection: Security for Developer Devices https://ift.tt/2w1NTUs Supply Chain news Tue, 21 Apr 2026 14:25:37 +0000 https://cyberpress.org/lovable-ai-app-builder-reportedly-exposes-thousands-of-project-data-via-api-flaw/ https://cyberpress.org/lovable-ai-app-builder-reportedly-exposes-thousands-of-project-data-via-api-flaw/ Lovable AI App Builder Reportedly Exposes Thousands of Project Data via API Flaw https://ift.tt/rUbhJN8 API Security news Tue, 21 Apr 2026 13:56:24 +0000 https://www.globenewswire.com/news-release/2026/04/20/3276846/0/en/aikido-security-launches-endpoint-protection-for-developer-devices-as-software-supply-chain-attacks-hit-unprecedented-scale.html https://www.globenewswire.com/news-release/2026/04/20/3276846/0/en/aikido-security-launches-endpoint-protection-for-developer-devices-as-software-supply-chain-attacks-hit-unprecedented-scale.html Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale https://ift.tt/UoCFdbH Supply Chain news Tue, 21 Apr 2026 13:35:41 +0000 https://gbhackers.com/apache-syncope-rce-vulnerability/ https://gbhackers.com/apache-syncope-rce-vulnerability/ Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release https://ift.tt/hT4dgwi RCE news Tue, 21 Apr 2026 13:24:36 +0000 https://www.csoonline.com/article/4161382/prompt-injection-turned-googles-antigravity-file-search-into-rce.html https://www.csoonline.com/article/4161382/prompt-injection-turned-googles-antigravity-file-search-into-rce.html Prompt injection turned Google’s Antigravity file search into RCE https://ift.tt/kx2siuv AI news Tue, 21 Apr 2026 13:24:34 +0000 https://www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/ https://www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/ Actively exploited Apache ActiveMQ flaw impacts 6,400 servers https://ift.tt/TMZ4gHl RCE news Tue, 21 Apr 2026 11:44:27 +0000 https://cybersecuritynews.com/prompt-injection-via-github-comments/ https://cybersecuritynews.com/prompt-injection-via-github-comments/ Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments https://ift.tt/FS25xif AI news Tue, 21 Apr 2026 10:31:11 +0000 https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution https://ift.tt/WhCTNuU AI news Tue, 21 Apr 2026 10:29:24 +0000 https://www.theregister.com/2026/04/20/lovable_denies_data_leak/ https://www.theregister.com/2026/04/20/lovable_denies_data_leak/ Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus https://ift.tt/oy8L9Ec API Security news Tue, 21 Apr 2026 10:11:33 +0000 https://smestreet.in/technology/tenable-research-uncovers-remote-code-execution-vulnerability-in-microsoft-github-repository-11749892 https://smestreet.in/technology/tenable-research-uncovers-remote-code-execution-vulnerability-in-microsoft-github-repository-11749892 Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository, https://ift.tt/V1EDXyM RCE news Tue, 21 Apr 2026 10:04:20 +0000 https://cyberpress.org/hackers-could-weaponize-gguf-models-to-achieve-rce-on-sglang-inference-servers/ https://cyberpress.org/hackers-could-weaponize-gguf-models-to-achieve-rce-on-sglang-inference-servers/ Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers https://ift.tt/UTpIVmw RCE news Tue, 21 Apr 2026 08:54:09 +0000 https://cyberpress.org/cisa-warns-axios-npm-package-was-compromised-in-major-supply-chain-attack/ https://cyberpress.org/cisa-warns-axios-npm-package-was-compromised-in-major-supply-chain-attack/ CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/eymP7Vs Supply Chain news Tue, 21 Apr 2026 08:35:14 +0000 https://www.itvoice.in/tenable-research-uncovers-remote-code-execution-vulnerability-in-microsoft-github-repository-exposing-ci-cd-pipeline-to-unauthorized-code-execution https://www.itvoice.in/tenable-research-uncovers-remote-code-execution-vulnerability-in-microsoft-github-repository-exposing-ci-cd-pipeline-to-unauthorized-code-execution Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository, Exposing CI/CD Pipeline to Unauthorized Code Execution https://ift.tt/sOHxvXg RCE news Tue, 21 Apr 2026 08:29:41 +0000 https://cybersecuritynews.com/anthropics-mcp-vulnerability/ https://cybersecuritynews.com/anthropics-mcp-vulnerability/ Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks https://ift.tt/NgPh5a6 RCE news Tue, 21 Apr 2026 07:19:29 +0000 https://startupfortune.com/lovables-api-flaw-exposed-private-project-data-from-the-66-billion-ai-app-builder-used-by-nvidia-and-microsoft-teams/ https://startupfortune.com/lovables-api-flaw-exposed-private-project-data-from-the-66-billion-ai-app-builder-used-by-nvidia-and-microsoft-teams/ Lovable’s API flaw exposed private project data from the $6.6 billion AI app builder used by Nvidia and Microsoft teams https://ift.tt/E5xzyKD API Security news Tue, 21 Apr 2026 06:56:42 +0000 https://gbhackers.com/malicious-gguf-models-could-trigger-rce/ https://gbhackers.com/malicious-gguf-models-could-trigger-rce/ Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers https://ift.tt/tE3rbwk RCE news Tue, 21 Apr 2026 06:29:47 +0000 https://gbhackers.com/cisa-warns-compromised-axios-npm-package/ https://gbhackers.com/cisa-warns-compromised-axios-npm-package/ CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack https://ift.tt/3Sh8QXg Supply Chain news Tue, 21 Apr 2026 06:15:40 +0000 https://gbhackers.com/lovable-ai-app-builder-hit-by-reported-api-flaw/ https://gbhackers.com/lovable-ai-app-builder-hit-by-reported-api-flaw/ Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects https://ift.tt/asxTLXh API Security news Tue, 21 Apr 2026 06:11:05 +0000 https://letsdatascience.com/news/sglang-enables-remote-code-execution-via-malicious-gguf-mode-963bf60d https://letsdatascience.com/news/sglang-enables-remote-code-execution-via-malicious-gguf-mode-963bf60d SGLang Enables Remote Code Execution via Malicious GGUF Models https://ift.tt/IRetcHV RCE news Tue, 21 Apr 2026 05:38:42 +0000 https://www.trendmicro.com/pt_br/research/26/d/vercel-breach-oauth-supply-chain.html https://www.trendmicro.com/pt_br/research/26/d/vercel-breach-oauth-supply-chain.html The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables https://ift.tt/jIBeCuh Supply Chain news Tue, 21 Apr 2026 03:15:46 +0000 https://www.trendmicro.com/ru_ru/research/26/d/vercel-breach-oauth-supply-chain.html https://www.trendmicro.com/ru_ru/research/26/d/vercel-breach-oauth-supply-chain.html The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables https://ift.tt/K8Z5lwR Supply Chain news Tue, 21 Apr 2026 02:50:35 +0000 https://www.cyberkendra.com/2026/04/lovable-left-thousands-of-projects.html https://www.cyberkendra.com/2026/04/lovable-left-thousands-of-projects.html Lovable Left Thousands of Projects Exposed for 48 Days — And Still Hasn't Fixed It https://ift.tt/jFxufgQ API Security news Tue, 21 Apr 2026 02:01:38 +0000 https://www.esecurityplanet.com/threats/api-security-risks-rise-as-ai-adoption-accelerates/ https://www.esecurityplanet.com/threats/api-security-risks-rise-as-ai-adoption-accelerates/ API Security Risks Rise as AI Adoption Accelerates https://ift.tt/oL4A7vV API Security beginner Tue, 21 Apr 2026 02:01:37 +0000 https://www.trendmicro.com/de_de/research/26/d/vercel-breach-oauth-supply-chain.html https://www.trendmicro.com/de_de/research/26/d/vercel-breach-oauth-supply-chain.html The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables https://ift.tt/D9r2QqY Supply Chain news Tue, 21 Apr 2026 01:00:27 +0000 https://www.tipranks.com/news/private-companies/astrix-security-highlights-rising-risk-in-oauth-driven-supply-chain-attacks-2 https://www.tipranks.com/news/private-companies/astrix-security-highlights-rising-risk-in-oauth-driven-supply-chain-attacks-2 Astrix Security Highlights Rising Risk in OAuth-Driven Supply Chain Attacks https://ift.tt/pdx7G9Z Supply Chain news Tue, 21 Apr 2026 00:35:45 +0000 https://www.scworld.com/brief/critical-rce-vulnerability-in-protobuf-js-exploit-code-published https://www.scworld.com/brief/critical-rce-vulnerability-in-protobuf-js-exploit-code-published Critical RCE vulnerability in protobuf.js; Exploit code published https://ift.tt/LxzVmlR RCE news Mon, 20 Apr 2026 23:39:19 +0000 https://cybersecuritynews.com/lovable-ai-app-builder-customer-data/ https://cybersecuritynews.com/lovable-ai-app-builder-customer-data/ Lovable AI App Builder Reportedly Exposes Customer Data From Projects via Unpatched API Flaw https://ift.tt/U5uy4dg API Security news Mon, 20 Apr 2026 22:41:34 +0000 https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities_20260416 https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities_20260416 Google Chrome Multiple Vulnerabilities https://ift.tt/u1NDCGr RCE news Mon, 20 Apr 2026 22:29:33 +0000 https://cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/ https://cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/ Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution https://ift.tt/MnhvV7G AI news Mon, 20 Apr 2026 21:44:17 +0000 https://cyberpress.org/iterm2-flaw-abuses-ssh-integration-escape-sequences-to-turn-text-into-code-execution/ https://cyberpress.org/iterm2-flaw-abuses-ssh-integration-escape-sequences-to-turn-text-into-code-execution/ iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution https://ift.tt/l13PHeM RCE news Mon, 20 Apr 2026 20:09:03 +0000 https://www.trendmicro.com/en_us/research/26/d/vercel-breach-oauth-supply-chain.html https://www.trendmicro.com/en_us/research/26/d/vercel-breach-oauth-supply-chain.html The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables https://ift.tt/60RoEYV Supply Chain news Mon, 20 Apr 2026 19:50:44 +0000 https://www.scworld.com/news/vercel-incident-falls-short-of-a-supply-chain-attack-for-now https://www.scworld.com/news/vercel-incident-falls-short-of-a-supply-chain-attack-for-now Vercel incident falls short of a supply chain attack https://ift.tt/mfiYhux Supply Chain news Mon, 20 Apr 2026 18:40:23 +0000 https://www.cybersecuritydive.com/news/vulnerability-disclosure-surges-warnings-greynoise/817952/ https://www.cybersecuritydive.com/news/vulnerability-disclosure-surges-warnings-greynoise/817952/ Vulnerability exploitation surges often precede disclosure, offering possible early warnings https://ift.tt/UAnQyhJ RCE news Mon, 20 Apr 2026 15:49:22 +0000 https://www.ox.security/blog/vercel-context-ai-supply-chain-attack-breachforums/ https://www.ox.security/blog/vercel-context-ai-supply-chain-attack-breachforums/ Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M https://ift.tt/4aw2YkZ Supply Chain news Mon, 20 Apr 2026 15:40:30 +0000 https://gbhackers.com/anthropic-mcp-hit-by-critical-vulnerability/ https://gbhackers.com/anthropic-mcp-hit-by-critical-vulnerability/ Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution https://ift.tt/4HM1zP0 AI news Mon, 20 Apr 2026 15:24:36 +0000 https://cyberpress.org/critical-anthropic-mcp-vulnerability/ https://cyberpress.org/critical-anthropic-mcp-vulnerability/ Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks https://ift.tt/sjNEzGL AI news Mon, 20 Apr 2026 14:39:48 +0000 https://cyberscoop.com/ai-powered-security-operations-axios-supply-chain-attack/ https://cyberscoop.com/ai-powered-security-operations-axios-supply-chain-attack/ Why the Axios attack proves AI is mandatory for supply chain security https://ift.tt/AnX6trC Supply Chain news Mon, 20 Apr 2026 13:50:36 +0000 https://finance.yahoo.com/sectors/technology/articles/aikido-security-launches-endpoint-protection-110000337.html https://finance.yahoo.com/sectors/technology/articles/aikido-security-launches-endpoint-protection-110000337.html Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale https://ift.tt/rNiAjU3 Supply Chain news Mon, 20 Apr 2026 13:25:49 +0000 https://www.techzine.eu/news/security/140610/aikido-endpoint-offers-developers-additional-protection-against-supply-chain-attacks/ https://www.techzine.eu/news/security/140610/aikido-endpoint-offers-developers-additional-protection-against-supply-chain-attacks/ Aikido Endpoint offers developers additional protection against supply chain attacks https://ift.tt/8yt0jbA Supply Chain news Mon, 20 Apr 2026 12:25:17 +0000 https://uk.finance.yahoo.com/news/aikido-security-launches-endpoint-protection-110000316.html https://uk.finance.yahoo.com/news/aikido-security-launches-endpoint-protection-110000316.html Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale https://ift.tt/sVFAYcE Supply Chain news Mon, 20 Apr 2026 11:35:39 +0000 https://betanews.com/article/new-security-agent-helps-fight-software-supply-chain-attacks/ https://betanews.com/article/new-security-agent-helps-fight-software-supply-chain-attacks/ New security agent helps fight software supply chain attacks https://ift.tt/tRoy3LB Supply Chain news Mon, 20 Apr 2026 11:10:29 +0000 https://tech.eu/2026/04/20/aikido-launches-endpoint-to-secure-ai-native-developer-workflows/ https://tech.eu/2026/04/20/aikido-launches-endpoint-to-secure-ai-native-developer-workflows/ Aikido launches Endpoint to secure AI-native developer workflows https://ift.tt/ULhxSu6 Supply Chain news Mon, 20 Apr 2026 11:10:28 +0000 https://hackread.com/52m-download-protobuf-js-library-rce-schema-handle/ https://hackread.com/52m-download-protobuf-js-library-rce-schema-handle/ 52M-Download protobuf.js Library Hit by RCE in Schema Handling https://ift.tt/i1QdNDX RCE news Mon, 20 Apr 2026 10:54:42 +0000 https://cybersecuritynews.com/flowise-vulnerability/ https://cybersecuritynews.com/flowise-vulnerability/ Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters https://ift.tt/NBwdZU2 RCE news Mon, 20 Apr 2026 09:41:18 +0000 https://www.helpnetsecurity.com/2026/04/20/meta-bug-bounty-portswigger-partnership/ https://www.helpnetsecurity.com/2026/04/20/meta-bug-bounty-portswigger-partnership/ Meta and PortSwigger drive offensive security further to find what others miss https://ift.tt/gc5osvx Bug Bounty news Mon, 20 Apr 2026 08:49:31 +0000 https://thecyberexpress.com/cisco-ise-vulnerabilities-enable-rce/ https://thecyberexpress.com/cisco-ise-vulnerabilities-enable-rce/ Cisco ISE Vulnerabilities Enable Remote Code Execution https://ift.tt/I3pcsMW RCE news Mon, 20 Apr 2026 06:29:45 +0000 https://www.scworld.com/brief/dark-web-forum-hosts-10000-article-contest-on-vulnerability-exploitation https://www.scworld.com/brief/dark-web-forum-hosts-10000-article-contest-on-vulnerability-exploitation Dark web forum hosts $10,000 article contest on vulnerability exploitation https://ift.tt/Mc8sEPr Bug Bounty news Mon, 20 Apr 2026 03:44:09 +0000 https://www.theregister.com/2026/04/17/cisa_tells_feds_to_patch/ https://www.theregister.com/2026/04/17/cisa_tells_feds_to_patch/ CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack https://ift.tt/m82B1ER RCE news Sun, 19 Apr 2026 14:04:39 +0000