cybernews.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-15.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-15 | OpenAI says no user data compromised after supply-chain attack (Supply Chain) | OpenAI has confirmed that no user data was compromised following a recent supply-chain attack. The incident involved a malicious actor gaining access to a third-party vendor's tools, which in turn had access to OpenAI's systems. While the attackers could view certain customer information, including names, emails, and payment details of some users, OpenAI states that no sensitive data like passwords or full credit card numbers were accessed. The company has since revoked the vendor's access and is working to prevent similar incidents in the future. |
| 2026-05-14 | Mistral AI allegedly breached by Dune-loving criminals following TanStack supply chain hit 450 repositories exposed (Supply Chain) | Mistral AI is reportedly the latest victim of a cyberattack following the recent TanStack supply chain incident. Threat actors, described as "Dune-loving criminals," are alleged to have breached Mistral AI, exposing 450 of its repositories. This attack highlights a growing trend of supply chain compromises targeting prominent tech companies. |
| 2026-05-14 | Critical NGINX exploit: hackers can crash servers run remote code without authentication (RCE) | A critical vulnerability has been discovered in NGINX, a popular web server. Attackers can exploit this flaw to crash servers and execute remote code without needing any authentication. This means unauthenticated users could potentially gain control of compromised servers. The severity of this exploit poses a significant risk to systems running NGINX. |
| 2026-05-14 | OpenAI says two employee devices hit by TanStack malware attack but no user data breached (Supply Chain) | OpenAI reported a malware attack affecting two employee devices due to a compromised dependency, TanStack. The company stated that no user data was accessed or breached as a result of the incident. The attackers gained access to employee tools, but OpenAI confirmed their systems have been secured and a thorough investigation is underway. |
| 2026-05-12 | Hundreds of open source packages hacked: “I’m just not gonna run npm install anymore” (Supply Chain) | Hundreds of open source packages hacked: “I’m just not gonna run npm install anymore” https://ift.tt/rDlQGUa |
| 2026-05-07 | Hackers run code on PAN-OS firewalls as root without authentication: critical zero-day unveiled (RCE) | A critical zero-day vulnerability has been discovered in Palo Alto Networks' PAN-OS firewalls. This flaw allows attackers to execute code as root without any authentication. The vulnerability, identified as CVE-2024-3400, impacts PAN-OS versions 10.1, 11.0, 11.1, and 11.2. |
| 2026-05-06 | Major AI platform Ollama critically leaking: 300000 servers exposed to hackers (API Sec) | Ollama, a popular AI platform, is critically vulnerable, exposing approximately 300,000 servers to potential hacking. This significant security lapse could allow unauthorized access to sensitive data and systems running on these servers. The extent of the breach and the specific nature of the leak are still under investigation, but the large number of affected servers highlights a major security concern within the AI infrastructure. Further details on remediation and the exact impact are expected as the situation develops. |
| 2026-04-28 | ClickUp is leaking customer data via hardcoded API key researcher claims (API Sec, Secrets) | A security researcher claims that ClickUp is leaking customer data due to a hardcoded API key. This vulnerability could potentially expose sensitive information belonging to ClickUp users. The specifics of the data leak and its extent are not detailed in the provided content. |
| 2026-04-24 | Bitwarden CLI tool compromised: hundreds of developers pull credential-stealing malware (Supply Chain) | The Bitwarden command-line interface (CLI) tool was compromised, leading to hundreds of developers unknowingly downloading malware that steals credentials. This incident highlights a significant security breach within the open-source ecosystem. The compromised version of the CLI tool was distributed, potentially exposing sensitive information from affected users. |
| 2026-04-22 | Massive compromise hits LiteLLM and the whole AI developers community: how did it happen? (AI) | Massive compromise hits LiteLLM and the whole AI developers community: how did it happen? https://ift.tt/kWQ0dJB |
| 2026-04-22 | Fake SVG puts 750,000 websites at risk: hackers can seize the web server (RCE) | Fake SVG puts 750,000 websites at risk: hackers can seize the web server https://ift.tt/BwtOzhU |
| 2026-04-10 | This Python notebook flaw shows how fast hackers are acting on advisories (Python) | This Python notebook flaw shows how fast hackers are acting on advisories https://ift.tt/U56juBE |
| 2026-04-04 | How critical Axios NPM package got hacked: maintainer shared full story (Supply Chain) | How critical Axios NPM package got hacked: maintainer shared full story https://ift.tt/cqQuNFB |
| 2026-04-03 | Update anxiety: is it safe to run “apt update” during active supply chain attack (Supply Chain) | Update anxiety: is it safe to run “apt update” during active supply chain attack https://ift.tt/xeBRmYn |
| 2026-04-02 | North Korean hackers behind axios critical supply chain attack, Google says (Supply Chain) | North Korean hackers behind axios critical supply chain attack, Google says https://ift.tt/bSufe84 |