darkreading.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-14.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-14 2026 | Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply ChainSupply Chain | A new worm, dubbed "Mini Shai-Hulud" by researchers, is actively infecting the software supply chain. This malware targets developers, aiming to compromise their development environments and potentially inject malicious code into legitimate software projects. The worm's propagation methods and specific targets are still under investigation, but its presence signifies a growing threat to the integrity of software development and distribution. Organizations are advised to enhance their security protocols and vigilance against such supply chain attacks. |
| 2026-05-09 2026 | Every Old Vulnerability Is Now an AI VulnerabilityXSS | This article argues that as Artificial Intelligence (AI) systems become more integrated, traditional cybersecurity vulnerabilities are now also AI vulnerabilities. Existing exploits and weaknesses in software, hardware, and network infrastructure can be leveraged to target or compromise AI models. This means that the vast landscape of known security flaws presents a significant risk to AI systems, requiring a re-evaluation of security strategies to account for this expanded threat surface. |
| 2026-05-07 2026 | 'TrustFall' Exposes Claude Code Execution RiskRCE | 'TrustFall' Exposes Claude Code Execution Risk https://ift.tt/uApnWBD |
| 2026-04-30 2026 | TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' AttackSupply Chain | TeamPCP has developed a new attack targeting SAP applications called "Mini Shai-Hulud." This sophisticated threat leverages multiple vulnerabilities to bypass security controls and achieve remote code execution. The attack appears to be highly effective, capable of compromising SAP NetWeaver Application Server Java components. Further details on the exploit's mechanics and impact are available via the provided link. No specific bounty payout amounts were mentioned. |
| 2026-04-29 2026 | AI Finds 38 Security Flaws in OpenEMRAIRCE | An AI security tool, DeepScribe, has identified 38 vulnerabilities in OpenEMR, a popular open-source electronic health record system. These flaws range in severity, with DeepScribe flagging 10 as critical. The company plans to disclose these findings responsibly to OpenEMR's development team. This discovery highlights the potential of AI in uncovering security weaknesses in complex software. The specific bounty payout amount for this discovery is not mentioned. |
| 2026-04-21 2026 | Google Fixes Critical RCE Flaw in AI-Based Antigravity ToolRCE | Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool https://ift.tt/1QOIZsB |
| 2026-04-17 2026 | SBOMs in 2026: Some Love, Some Hate, Much AmbivalenceSupply Chain | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence |
| 2026-04-15 2026 | Privilege Elevation Dominates Massive Microsoft Patch UpdateAuthZ | Library of patches addressing Microsoft's April 2026 update, which included 165 CVEs, with a significant portion being elevation-of-privilege bugs. Key vulnerabilities detailed include CVE-2026-32201 (a SharePoint Server spoofing zero-day actively exploited), CVE-2026-33825 (a Defender privilege escalation zero-day), CVE-2026-33824 (a critical RCE in Windows IKE Service Extensions), and CVE-2026-33827 (a rare unauthenticated RCE in Windows secure tunneling). The update also featured numerous fixes for Microsoft Edge and Chromium. |
| 2026-04-06 2026 | AI-Assisted Supply Chain Attack Targets GitHubSupply Chain | AI-Assisted Supply Chain Attack Targets GitHub https://ift.tt/W3OMdbX |
| 2026-04-03 2026 | Source Code Leaks Highlight Lack of Supply Chain OversightSupply Chain | Analysis of recent supply chain attacks, including compromises of Trivy, Axios, and Anthropic's Claude Code, reveals significant vulnerabilities in development pipelines and credential management. These incidents highlight risks from misconfigured GitHub Actions, compromised maintainer accounts, and inadequate content checks during publishing, allowing malicious code and sensitive source code to enter the supply chain. Attacks on AI coding agents also introduce new persistence vectors, impacting entire developer workstations and downstream software. |
| 2025-10-24 2025 | Law Enforcement Cracks Down on XSS but Will It Last?XSS | Law enforcement is increasing efforts to combat Cross-Site Scripting (XSS) attacks. The effectiveness and longevity of these crackdowns are questioned. |
| 2024-07-30 2024 | OAuth+XSS Attack Threatens Millions of Web Users With Account TakeoverAPI SecAuthNXSS | An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites. |