techradar.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-10.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-10 2026 | This Microsoft Defender zero-day could give hackers unprecedented access to your systemRCE | A critical zero-day vulnerability has been discovered in Microsoft Defender, potentially allowing hackers to gain "unprecedented access" to systems. The vulnerability, detailed in a recent report, poses a significant security risk, enabling attackers to compromise user devices. No specific payout amount for this bug bounty was mentioned in the provided content. |
| 2026-06-02 2026 | Compromised Red Hat npm packages downloaded over 80000 times in one week supply chain attack still ongoingSupply Chain | Writeup of a Red Hat npm supply chain attack, where compromised packages were downloaded over 80,000 times. The attack leveraged a variant of the Mini Shai-Hulud worm to steal GitHub secrets, npm tokens, cloud credentials, and other sensitive information, with a copycat worm exhibiting similar tradecraft and targeting GCP and Azure identities. |
| 2026-06-01 2026 | OpenAI Codex tool with over 29000 downloads linked to malicious npm supply chain attack stealing authentication tokensSupply Chain | Library exposing a supply-chain attack targeting OpenAI Codex users. A malicious npm package, "codexui-android," with over 29,000 downloads, exfiltrated non-expiring refresh tokens. Researchers also identified two Android apps, OpenClaw Codex Claude AI Agent and Codex, with tens of thousands of downloads, which similarly targeted Codex users by sending credentials to attacker-controlled servers. |
| 2026-05-31 2026 | CISA warns that Nx Console and GitHub repositories abused in multiple supply chain compromises tools across enterprise cloud and DevOps environments exploitedSupply Chain | Analysis of supply chain attacks by CISA details exploitation of Nx Console VSCode extension and GitHub repositories via the Megalodon campaign. Threat actors pilfered CI/CD secrets and cloud credentials by poisoning workflows. Recommended mitigations include auditing contributor activity, forensic reviews, rotating secrets, pinning trusted package versions, and delaying package pulls for community detection. |
| 2026-04-05 2026 | 'Each vulnerability exposes a different class of enterprise data': LangChain framework hit by several worrying security issues here's what we knowAPI Sec | Library patches address critical vulnerabilities in LangChain and LangGraph, including path traversal (CVE-2026-34070), deserialization of untrusted data exposing secrets (CVE-2025-68664), and SQL injection in SQLite checkpoints (CVE-2025-67644). These flaws allowed exfiltration of files, API keys, and conversation histories, with risks potentially impacting downstream dependencies. Developers are urged to upgrade to the latest versions and audit configurations, treating LLM outputs as untrusted input. |