scworld.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-23.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-23 | Checkmarx Docker Hub repository compromised with malicious images [Supply Chain] | https://ift.tt/Cpy7bme |
| 2026-04-23 | Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack [Supply Chain] | https://ift.tt/hbNKaTp |
| 2026-04-22 | Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission [Supply Chain] | https://ift.tt/gj6ZlMi |
| 2026-04-21 | Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks [Supply Chain] | https://ift.tt/pWgtqSF |
| 2026-04-20 | Critical RCE vulnerability in protobuf.js; Exploit code published [RCE] | https://ift.tt/LxzVmlR |
| 2026-04-20 | Vercel incident falls short of a supply chain attack [Supply Chain] | https://ift.tt/mfiYhux |
| 2026-04-20 | Dark web forum hosts $10,000 article contest on vulnerability exploitation [Bug Bounty] | https://ift.tt/Mc8sEPr |
| 2026-04-17 | Multiple attacks weaponizing critical Marimo RCE identified [RCE] | https://ift.tt/jf9y43q |
| 2026-04-17 | Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilities [RCE] | https://ift.tt/9E6z17w |
| 2026-04-16 | Over 25K systems exposed by adware app to supply chain compromise [Supply Chain] | https://ift.tt/j3iASoE |
| 2026-04-14 | ShowDoc vulnerability actively exploited [RCE] | https://ift.tt/4WwTRcH |
| 2026-04-14 | UIDAI launches bug bounty program to secure Aadhaar ecosystem [Bug Bounty] | https://ift.tt/fLpPZD9 |
| 2026-04-13 | Marimo vulnerability exploited within hours of disclosure [RCE] | https://ift.tt/81rELfN |
| 2026-04-13 | OpenAI’s macOS app-signing process hit by axios supply chain attack [Supply Chain] | https://ift.tt/ls0Yeug |
| 2026-04-09 | 13-year-old Apache ActiveMQ RCE vulnerability discovered, AI assisted in finding exploit [RCE] | https://ift.tt/lf8xZQO |
| 2026-04-08 | Critical Ninja Forms vulnerability allows remote code execution [RCE] | https://ift.tt/nvT0lgQ |
| 2026-04-08 | AI coding assistants twice as likely to leak secrets, as overall leaks rise 34% [Secrets] | https://ift.tt/4qoCUvD |
| 2026-04-07 | Malware distributed via ILSpy WordPress domain breach [Supply Chain] | https://ift.tt/tSHJ7Uw |
| 2026-04-07 | Active exploitation of max severity Flowise bug threatens broad compromise [RCE] | https://ift.tt/JGLagkl |
| 2026-04-07 | New CUPS vulnerabilities threaten RCE, network breaches [RCE] | https://ift.tt/p0IhT2K |
| 2026-04-03 | Progress ShareFile vulnerabilities allow unauthenticated file exfiltration [RCE] | https://ift.tt/twXvzYE |
| 2026-04-03 | Axios npm supply chain attack: Malicious updates add remote access trojan [Supply Chain] | https://ift.tt/cg6G8VN |
| 2026-04-03 | AI discovers RCE vulnerabilities in Vim and Emacs text editors [RCE] | https://ift.tt/mnLF45s |
| 2026-04-02 | ImageMagick vulnerability allows remote code execution [RCE] | https://ift.tt/vt1cTJe |
| 2026-04-02 | GIGABYTE Control Center vulnerability allows remote code execution [RCE] | https://ift.tt/nuOqI4L |
| 2026-04-02 | Trivy supply chain intrusion reportedly compromises Cisco source code [Supply Chain] | https://ift.tt/8Y4D9l2 |
| 2026-04-02 | WhatsApp warns of spyware in fake iPhone app [Mobile] | https://ift.tt/TKSQdCA |
| 2026-01-13 | Data theft, SSRF intrusions likely with critical Apache Struts 2 bug [SSRF] | A critical Apache Struts 2 bug could lead to data theft and Server-Side Request Forgery (SSRF) intrusions, potentially giving attackers unauthorized access to sensitive information. Organizations using Apache Struts 2 should be aware of the issue and take precautions to mitigate the risk of data breaches and unauthorized access. |
| 2025-12-16 | XSS remains as top MITRE software weakness [XSS] | Cross-Site Scripting (XSS) continues to be a significant software vulnerability according to MITRE. This weakness allows attackers to inject malicious scripts into web pages viewed by other users, and it remains a top software security concern because of its potential for data theft and unauthorized access. Organizations should prioritize addressing XSS vulnerabilities to improve their software security posture. |
| 2025-12-02 | Old OpenPLC ScadaBR flaw added to CISA KEV after hacktivist attack [XSS] | An old vulnerability in OpenPLC ScadaBR was exploited by hacktivists in an attack, leading the Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) list. The incident highlights the importance of patching known vulnerabilities to prevent exploitation by malicious actors. |
| 2025-12-02 | Entra ID tightens security against XSS attacks [XSS] | Entra ID has enhanced its security measures against XSS attacks. The stricter security protocols are intended to bolster protection against cross-site scripting vulnerabilities and safeguard against potential security breaches. |
| 2025-04-10 | Amazon EC2 instance metadata targeted in SSRF attacks [SSRF] | Amazon EC2 instance metadata is being targeted in Server-Side Request Forgery (SSRF) attacks. This vulnerability allows attackers to access sensitive information stored in the instance metadata, potentially leading to data breaches or unauthorized access. Users should protect against SSRF attacks with measures such as restricting access to the instance metadata and regularly updating security configurations. |
| 2025-03-13 | Multiple SSRF vulnerabilities leveraged in far-reaching coordinated attack [SSRF] | Multiple Server-Side Request Forgery (SSRF) vulnerabilities are being exploited in a coordinated attack with far-reaching implications. The attack highlights the importance of addressing and patching SSRF vulnerabilities to prevent unauthorized access to sensitive information or systems, and the need for organizations to prioritize cybersecurity measures and stay vigilant against such threats. |