securityweek.com

41 curated AppSec resources from securityweek.com across 8 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-15.

| Date Added | Year | Resource | Topics | Excerpt |
|---|---|---|---|---|
| 2026-05-15 | 2026 | OpenAI Hit by TanStack Supply Chain Attack | Supply Chain | Writeup of the TanStack supply chain attack, detailing how the TeamPCP group compromised 42 packages and over 170 namespaces across NPM and PyPI. This coordinated campaign infected developer devices with the Shai-Hulud worm, leading to exfiltration of credential material from OpenAI's internal source code repositories via two employee devices. OpenAI responded by rotating credentials, revoking sessions, restricting workflows, and revoking/re-signing code-signing certificates for multiple platforms. |
| 2026-05-13 | 2026 | Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises | RCE | Vulnerability writeup of CVE-2026-40361, a critical zero-click use-after-free bug in Microsoft Outlook and Word, allowing remote code execution via email previews. Discovered by Haifei Li, developer of Expmon, this flaw, similar to the decade-old BadWinmail (CVE-2015-6172), bypasses enterprise firewalls and targets users by exploiting Outlook's email rendering engine, making plain-text rendering a potential mitigation. Microsoft rates exploitation as "more likely." |
| 2026-05-13 | 2026 | Fortinet Ivanti Patch Critical Vulnerabilities | RCE | Advisories detail critical vulnerabilities patched by Fortinet and Ivanti. Fortinet addressed CVE-2026-44277 and CVE-2026-26083, both CVSS 9.1 critical code execution flaws in FortiAuthenticator and FortiSandbox respectively, alongside CVE-2025-53844, a high-severity out-of-bounds write in FortiOS. Ivanti's patches include CVE-2026-8043, a critical CVSS 9.6 file write vulnerability in Xtraction, plus high-severity SQL injection and OS command injection flaws in Endpoint Manager and Virtual Traffic Manager. |
| 2026-05-12 | 2026 | SailPoint Discloses GitHub Repository Hack | Supply Chain | Writeup of SailPoint's GitHub repository hack, occurring April 20th, resulted from a third-party application vulnerability. SailPoint contained the incident swiftly, with a cybersecurity firm's investigation finding no evidence of production or staging data compromise or service interruption. Affected customers in the accessed repositories were notified, with no further action currently required. The specific vulnerability and threat actor remain undisclosed, with no confirmed link to TeamPCP. |
| 2026-05-12 | 2026 | TanStack Mistral AI UiPath Hit in Fresh Supply Chain Attack | Supply Chain | Library that authors of the Mini Shai-Hulud supply chain attack compromised to steal developer credentials, API keys, and secrets. The attack targeted over 170 packages across NPM and PyPI, including TanStack, Mistral AI, and UiPath. Attackers exploited vulnerabilities in GitHub Actions OIDC tokens and cache poisoning to publish malicious packages with forged SLSA provenance, making them appear legitimate. The malware harvested sensitive data through multiple exfiltration channels, including a decentralized Session network. |
| 2026-05-11 | 2026 | Build Application Firewalls Aim to Stop the Next Supply Chain Attack | Supply Chain | Library from InvisiRisk, a build application firewall (BAF), enforces policy during the CI/CD build process by inspecting package activity rather than solely scanning code. This approach aims to prevent supply chain attacks, such as those involving the SolarWinds breach or hijacked npm libraries like Axios, by detecting unexpected or malicious actions within the build environment. The BAF, along with InvisiRisk's TruSBOM tool, provides detailed explanations for risky actions and generates accurate SBOMs by directly observing the software build process, offering a robust defense against evolving threats. |
| 2026-05-11 | 2026 | Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack | Supply Chain | Plugin version 2.0.13-829.vc72453fa_1c16 of the Checkmarx Jenkins AST plugin is the secure version, after a malicious iteration was published to the Jenkins Marketplace. This compromise, attributed to the TeamPCP hacker gang and potentially the Lapsus$ extortion group, stems from a wider supply chain attack impacting Checkmarx's repositories since March, following a Trivy supply chain incident. |
| 2026-05-07 | 2026 | Vendor Says Daemon Tools Supply Chain Attack Contained | Supply Chain | Analysis of the Daemon Tools supply chain attack details how threat actors injected trojanized versions of Daemon Tools Lite (specifically version 12.5.1) released between April 8 and May 5 with code to collect information and deploy backdoors. Disc Soft has since contained the incident, removed compromised files, and released a clean version (12.6.0.2445), advising users to uninstall the affected software and scan their systems. |
| 2026-05-07 | 2026 | Gemini CLI Vulnerability Could Have Led to Code Execution Supply Chain Attack | Supply Chain | Vulnerability analysis of Gemini CLI identified a critical flaw (CVSS 10/10) that could enable supply chain attacks. Exploiting indirect prompts in GitHub issues, attackers could bypass tool allowlists in --yolo mode, leading to arbitrary command execution. This allows for the extraction of secrets, gaining write access to repositories, and pushing malicious code to downstream users. The issue, affecting multiple Google repositories and also impacting headless mode via lax trust, was patched in Gemini CLI version 0.39.1. |
| 2026-05-06 | 2026 | Sophisticated Quasar Linux RAT Targets Software Developers | Supply Chain | Analysis of Quasar Linux (QLNX), a sophisticated backdoor targeting software developers. QLNX employs a modular architecture with rootkit capabilities, detection evasion, and multiple persistence methods including crontab, desktop entries, init scripts, service files, and shell lines. It focuses on stealing developer credentials for AWS, Kubernetes, Docker Hub, Git, NPM, and PyPI, enabling attackers to compromise publishing pipelines and pivot to cloud environments. The RAT uses a PAM backdoor and an eBPF rootkit to conceal its presence at both userspace and kernel levels, while supporting 58 commands for comprehensive system control and information harvesting. |
| 2026-05-06 | 2026 | Government Scientific Entities Hit via Daemon Tools Supply Chain Attack | Supply Chain | Library containing injected code in Daemon Tools versions 12.5.0.2421 through 12.5.0.2434 has been identified as part of a supply chain attack affecting government, scientific, and other organizations. The compromised binaries, including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, activate a backdoor that fetches and executes payloads, with targeted deployments of information collectors and the QUIC RAT observed. |
| 2026-05-05 | 2026 | Critical Remote Code Execution Vulnerability Patched in Android | Mobile, RCE | Library addressing CVE-2026-0073, a critical Android System vulnerability enabling unauthenticated remote code execution via the Android Debug Bridge daemon. Exploitation does not require user interaction. This critical flaw, impacting the 'adbd' process, allows attackers to execute code as the shell user without further privileges. While no exploits in the wild have been reported for this specific CVE, other Android vulnerabilities like CVE-2024-43093 and CVE-2025-38352 were exploited previously. |
| 2026-05-05 | 2026 | Critical High-Severity Vulnerabilities Patched in Apache MINA HTTP Server | RCE | Library updates for Apache MINA and HTTP Server address critical and high-severity vulnerabilities. Apache MINA 2.2.7 and 2.1.12 fix CVE-2026-42778, an incomplete fix for insecure deserialization and RCE, and CVE-2026-42779, an incomplete fix for allowlist bypass and code execution. Apache HTTP Server 2.4.67 resolves CVE-2026-23918 (double-free, RCE), CVE-2026-28780 (heap buffer overflow, RCE), and other issues including CRLF sequence manipulation (CVE-2026-33523) and digest authentication bypass (CVE-2026-33006). |
| 2026-05-05 | 2026 | MetInfo Weaver E-cology Vulnerabilities in Attackers Crosshairs | RCE | Writeup detailing exploitation of CVE-2026-29014 in MetInfo CMS and CVE-2026-22679 in Weaver E-cology. Both vulnerabilities allow unauthenticated remote code execution (RCE). MetInfo's flaw is a PHP code injection, while Weaver E-cology's stems from exposed debug functionality, enabling attackers to execute arbitrary commands via crafted POST requests and use the debug endpoint as a direct shell for discovery and payload delivery. |
| 2026-05-01 | 2026 | 1800 Hit in Mini Shai-Hulud Attack on SAP Lightning Intercom | Supply Chain | Writeup of the Mini Shai-Hulud supply chain attack, impacting over 1,800 developers across PyPI, NPM, and PHP ecosystems. TeamPCP's campaign injected malicious versions of SAP NPM packages, the Lightning PyPI package, and the intercom-client NPM package with information-stealing malware. The payload, disguised with the description "A Mini Shai-Hulud has Appeared," exfiltrates credentials, keys, and tokens, targeting Kubernetes environments and HashiCorp Vault secrets, utilizing GitHub commits for C&C commands. |
| 2026-04-30 | 2026 | SAP NPM Packages Targeted in Supply Chain Attack | Supply Chain | Library of compromised SAP NPM packages, including npm mbt 1.2.48, npm @cap-js/db-service 2.10.1, npm @cap-js/postgres 2.2.2, and npm @cap-js/sqlite 2.2.2, were found to contain malicious code as part of the Mini Shai-Hulud supply chain attack. The injected preinstall script acted as a bootstrapper, fetching and executing a Bun binary that stole local credentials, GitHub/NPM tokens, and cloud secrets. The malware exfiltrated data to GitHub repositories with a specific description and included a propagation mechanism, targeting SAP CAP and Business Technology Platform workflows. The incident is attributed to TeamPCP, leveraging a shared RSA public key for encryption. |
| 2026-04-30 | 2026 | Critical Gemini CLI Flaw Enabled Host Code Execution Supply Chain Attacks | RCE, Supply Chain | Writeup of the critical Gemini CLI vulnerability (CVE-2024-XXXX, unassigned) discovered by Novee Security, which allowed for host code execution through untrusted agent configurations loaded from workspaces. Attackers could exploit this to steal secrets, gain lateral movement, and conduct supply chain attacks within CI/CD pipelines, bypassing prompt injection. This is distinct from prior research demonstrating hijacking of AI agents like Claude Code Security Review and GitHub Copilot Agent via malicious GitHub comments. |
| 2026-04-29 | 2026 | Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure | AI, SQLi | Library for securing AI gateways; a critical-severity SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in LiteLLM allowed unauthenticated attackers to exfiltrate database credentials and API keys by exploiting the proxy API key verification process. Attacks were observed shortly after disclosure, targeting database tables containing sensitive information. LiteLLM version 1.83.7 resolves this by properly parameterizing database queries. |
| 2026-04-29 | 2026 | 38 Vulnerabilities Found in OpenEMR Medical Software | Mobile, SQLi | Analysis of OpenEMR reveals 38 CVE-assigned vulnerabilities, including critical SQL injection flaws (CVE-2026-24908, CVE-2026-23627) allowing database compromise and PHI exfiltration, and an authorization bypass (CVE-2026-24487) exposing patient data. These issues, primarily stemming from authorization flaws, were identified by Aisle and have since been patched by OpenEMR developers. |
| 2026-04-29 | 2026 | Checkmarx Confirms Data Stolen in Supply Chain Attack | Supply Chain | Analysis of a supply chain attack targeting Checkmarx's KICS open source project, involving the Trivy supply chain compromise and attributed to TeamPCP. Attackers leveraged hijacked GitHub Action version tags, poisoned OpenVSX plugins, and two GitHub Actions workflows. Subsequently, Lapsus$ also joined in, claiming theft of source code, employee databases, API keys, and credentials, further poisoning a DockerHub KICS image, a GitHub action, and VS Code/Developer Assist extensions, impacting the Bitwarden CLI. |
| 2026-04-29 | 2026 | Critical GitHub Vulnerability Exposed Millions of Repositories | RCE, Supply Chain | Writeup of CVE-2026-3854, a critical remote code execution flaw in GitHub's internal Git infrastructure. This injection vulnerability allowed authenticated users to execute arbitrary commands on backend servers via a simple `git push` command, potentially compromising millions of repositories on GitHub Enterprise Server and GitHub.com. Wiz researchers discovered the issue, which affected various GitHub Enterprise offerings, and a patch was subsequently released. |
| 2026-04-28 | 2026 | Dozens of Open VSX Extension Clones Linked to GlassWorm Malware | Supply Chain | Analysis of 73 cloned extensions on the Open VSX marketplace reveals a sophisticated GlassWorm malware campaign. These extensions, masquerading as legitimate tools, employ social engineering and Unicode obfuscation to evade detection, stealing GitHub, Git, NPM credentials, and cryptocurrency. The malware's delivery mechanism involves bundled native binaries and remote payload retrieval, a tactic designed to bypass static analysis and compromise users through normal extension updates. |
| 2026-04-24 | 2026 | Bitwarden NPM Package Hit in Supply Chain Attack | Supply Chain | Writeup detailing the compromise of the Bitwarden CLI NPM package, version 2026.4.0, in a supply chain attack. The malicious package contained code to exfiltrate secrets and tokens from Azure, AWS, GitHub, GCP, and NPM, and weaponized GitHub tokens to abuse GitHub Actions. This incident shares similarities with previous attacks on Checkmarx, including payload structure and credential harvesting methods, and shows potential links to the Shai-Hulud worm campaigns. |
| 2026-04-22 | 2026 | Critical Apache Tika Vulnerability Leads to XXE Injection | XXE | Writeup of CVE-2025-66516, a critical XXE injection vulnerability in Apache Tika, affecting tika-core, tika-pdf-module, and tika-parsers. Attackers can exploit this flaw via crafted XFA files within PDFs, potentially leading to information leaks, SSRF, DoS, or RCE. This issue expands the scope of a previous vulnerability, CVE-2025-54988. Patches are available in tika-core 3.2.2, tika-parser-pdf-module 3.2.2, and tika-parsers 2.0.0. |
| 2026-04-22 | 2026 | Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data | Supply Chain | Analysis of SBOM failures reveals that while Software Bills of Materials and Vulnerability Exploitability eXchange statements offer data, security teams lack decision clarity. Supply chain attacks, including those leveraging Trivy and Axios, persist due to inconsistent interpretation of SBOM/VEX data, lack of updated SBOM delivery, and hesitations in exploitability assertions. Researcher Devashri Datta advocates for a unified, governance-driven intelligence layer to interpret SBOMs as lifecycle signals and VEX as contextual input, enabling explainable and defensible decisions amidst increasing regulatory pressure and rapid exploitation times. |
| 2026-04-22 | 2026 | Google Antigravity in Crosshairs of Security Researchers Cybercriminals | RCE | Writeup on Google Antigravity vulnerabilities, detailing a sandbox escape flaw allowing arbitrary code execution through insufficient input sanitization during file search operations, which bypasses Secure Mode and can be triggered via indirect prompt injection. Additionally, researchers discovered a fake website distributing a trojanized installer that deploys stealer malware, targeting browser data, cryptocurrency wallets, and employing techniques like clipboard hijacking, keystroke logging, and hidden desktop tradecraft. |
| 2026-04-16 | 2026 | Splunk Enterprise Update Patches Code Execution Vulnerability | RCE | Update for Splunk Enterprise addresses CVE-2026-20204, a high-severity flaw allowing low-privileged users to achieve remote code execution via temporary file handling issues. It also patches medium-severity vulnerabilities in Splunk Enterprise and Cloud Platform related to username formatting and Data Model Acceleration control. Additionally, CVE-2026-20205 in MCP Server, a high-severity vulnerability allowing authenticated attackers to view clear-text user sessions and tokens, is fixed in MCP Server app version 1.0.3. Patches for third-party packages across various Splunk products are also included. |
| 2026-04-15 | 2026 | Fortinet Patches Critical FortiSandbox Vulnerabilities | RCE | Library advisories detail critical vulnerabilities patched by Fortinet, including CVE-2026-39813 for FortiSandbox JRPC API authentication bypass and CVE-2026-39808 for FortiSandbox OS command injection, both exploitable via HTTP requests without authentication. Additionally, CVE-2026-22828, a high-severity buffer overflow in FortiAnalyzer Cloud, was patched, alongside SQL injection bugs in FortiDDoS-F and FortiClientEMS, and various medium- and low-severity issues across other Fortinet products. |
| 2026-04-13 | 2026 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack | Supply Chain | Writeup detailing the Axios supply chain attack, where malicious NPM packages of the popular JavaScript HTTP client were distributed by North Korea-linked hackers. OpenAI was impacted, with a GitHub Actions workflow for macOS app-signing inadvertently downloading and executing a compromised Axios version. While OpenAI believes its macOS signing certificate was not compromised, they are revoking and rotating it as a precaution against potential code signing abuses. Evidence suggests widespread impact, with malicious versions seen in multiple environments. |
| 2026-04-10 | 2026 | Orthanc DICOM Vulnerabilities Lead to Crashes RCE | RCE | Library of nine vulnerabilities, CVE-2026-5437 to CVE-2026-5445, impacting the Orthanc DICOM server, allowing for server crashes, data leaks, and remote code execution. These defects stem from insufficient metadata validation, missing checks, and unsafe arithmetic, manifesting as out-of-bounds reads, GZIP and ZIP decompression bombs, HTTP server memory exhaustion, and heap buffer overflows in image parsing and decoding logic. Versions 1.12.10 and earlier are affected; update to 1.12.11 for remediation. |
| 2026-04-10 | 2026 | Critical Marimo Flaw Exploited Hours After Public Disclosure | RCE | Writeup detailing the rapid exploitation of CVE-2026-39987, a critical unauthenticated RCE vulnerability in the Marimo reactive notebook. The flaw, discovered in the terminal WebSocket endpoint due to a lack of authentication validation, allowed attackers to gain an interactive shell and execute arbitrary commands. Exploitation began within nine hours of public disclosure, with attackers quickly moving to exfiltrate credentials and search for sensitive files like SSH keys. Releases up to Marimo 0.20.4 are affected, and users are urged to update to version 0.23.0 or newer. |
| 2026-04-08 | 2026 | RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years | RCE | Writeup of CVE-2026-34197, a critical RCE vulnerability in Apache ActiveMQ Classic discovered by Horizon3.ai. This flaw, present for 13 years, can be chained with CVE-2022-41678, allowing attackers to exploit the Jolokia API and VM transport to execute OS commands. In some deployments, it can be combined with CVE-2024-32114 for unauthenticated RCE. Updates to ActiveMQ Classic 5.19.4 and 6.2.3 are recommended. |
| 2026-04-08 | 2026 | Hackers Targeting Ninja Forms Bug That Exposes WordPress Sites to Takeover | RCE | Writeup on CVE-2026-0740, a critical unauthenticated arbitrary file upload vulnerability in Ninja Forms' File Uploads addon. This flaw, with a CVSS score of 9.8, allows attackers to bypass file type validation and use path traversal to upload malicious PHP code to the webroot, enabling remote code execution and complete site takeover. Defiant reports thousands of exploitation attempts against the ~50,000 affected websites. Users should update to version 3.3.27. |
| 2026-04-07 | 2026 | Guardarian Users Targeted With Malicious Strapi NPM Packages | Supply Chain | Library of 36 malicious NPM packages targeting Strapi users, discovered by SafeDep, delivered payloads for Redis code execution, Docker container escape, credential harvesting, and reverse shell deployment. Payloads exploited Redis instances for webshells and reverse shells, escaped Docker containers, and targeted PostgreSQL databases. The campaign specifically aimed at Guardarian users, exfiltrating configurations and API modules, with attackers pivoting to reconnaissance and data collection after initial aggressive approaches failed. |
| 2026-04-07 | 2026 | Critical Flowise Vulnerability in Attacker Crosshairs | RCE | Library updates address CVE-2025-59528, a critical remote code execution vulnerability in Flowise affecting versions up to 3.0.5. This flaw allows attackers to exploit unvalidated user-supplied JavaScript in MCP server configuration, granting full Node.js runtime privileges and access to the file system. Threat actors are actively exploiting this bug, posing an extreme risk to business continuity and sensitive data for thousands of exposed Flowise instances. Version 3.0.6 includes the patch. |
| 2026-04-07 | 2026 | North Korean Hackers Target High-Profile Node.js Maintainers | Supply Chain | Analysis of UNC1069's social engineering campaign targeting Node.js maintainers, including those involved with Socket, Platformatic, Dotenv, and the Node.js Security Working Group. These attackers employ detailed, multi-week lures, mirroring tactics seen in Operation Dream Job and Contagious Interview, to trick high-profile maintainers into executing malware, as evidenced by the Axios supply chain attack. |
| 2026-04-04 | 2026 | European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack | Supply Chain | Writeup detailing the European Commission's data breach, confirming over 300GB of data theft from its AWS environment. Hackers exploited an API key compromised during the TeamPCP-led supply chain attack on Aqua Security's Trivy vulnerability scanner. The attackers leveraged tools like TruffleHog to discover secrets and exfiltrate data related to 71 clients of the Europa web hosting service, with the stolen information later appearing on the ShinyHunters leak site. |
| 2026-04-03 | 2026 | Critical ShareFile Flaws Lead to Unauthenticated RCE | RCE | Writeup detailing chained vulnerabilities CVE-2026-2699 (Execution After Redirect) and CVE-2026-2701 (arbitrary file upload) in Citrix ShareFile. WatchTowr discovered these flaws allowed unauthenticated attackers to gain administrative access, exfiltrate sensitive files to attacker-controlled S3 buckets, and achieve remote code execution by uploading a web shell. The vulnerabilities were patched in ShareFile version 5.12.4. |
| 2026-03-19 | 2026 | Russian APT Exploits Zimbra Vulnerability Against Ukraine | XSS | Writeup detailing CVE-2025-66376, a stored XSS vulnerability in Zimbra Collaboration's Classic UI, exploited by Russian APT28 (Forest Blizzard) in attacks against Ukraine. This flaw, addressable via CSS @import directives in email HTML, allows for credential theft, session token exfiltration, and mailbox data extraction. CISA has added this vulnerability to its KEV catalog, mandating patches for federal agencies. |
| 2024-12-10 | 2024 | SAP Patches Critical Vulnerability in NetWeaver | SSRF | Writeup detailing SAP's December 2024 Security Patch Day, which includes nine new and four updated security notes. A critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2024-47578, in NetWeaver AS for JAVA (Adobe Document Services) allows for full system compromise. Medium-severity flaws CVE-2024-47579 and CVE-2024-47580 permit file reading. Additionally, CVE-2024-54198, an authenticated information disclosure bug in NetWeaver, can be exploited via manipulated Remote Function Call (RFC) requests to gain sensitive credentials. Other addressed vulnerabilities include SSRF, XSS, and NULL pointer dereference. |
| 2024-10-11 | 2024 | GitLab Patches Pipeline Execution SSRF XSS Vulnerabilities | SSRF | Library updates from GitLab address eight vulnerabilities in Community and Enterprise Edition releases. These include critical pipeline execution flaws like CVE-2024-9164 and CVE-2024-8970, a server-side request forgery (SSRF) impacting Product Analytics Dashboard, and a cross-site scripting (XSS) bug in application authorization. Additional fixes cover merge request diff viewing issues, deploy key vulnerabilities, guest user project template disclosure, and instance version disclosure. |