techtimes.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-08.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-08 2026 | npm v12 Ships This Month Blocking Install Scripts That Enabled Year of Supply Chain AttacksSupply Chain | Library for securing npm package installations, npm v12 introduces a significant security redesign by defaulting to blocking install scripts. This prevents arbitrary code execution from dependencies, a long-standing vulnerability exploited in supply chain attacks like Shai-Hulud and campaigns targeting Axios and Mastra AI. The new allowlist model requires explicit inclusion of packages authorized to run scripts, with changes version-controlled in source code and auditable in pull requests. It also addresses risks from Git dependencies and binding.gyp files, moving from implicit trust to explicit allowlisting as the default security posture. |
| 2026-07-05 2026 | SharePoint Server Actively Exploited: CISA Orders Patch Before Ransomware Actors StrikeRCE | Library for detecting and mitigating deserialization vulnerabilities, specifically CVE-2026-45659 affecting on-premises Microsoft SharePoint Server. This vulnerability, a CWE-502 deserialization of untrusted data, allows authenticated users with Site Member access to trigger remote code execution. The library aids in identifying compromised servers by monitoring anomalous process trees, suspicious IIS logs, unauthorized ASPX files, and credential anomalies. It also provides guidance on temporary mitigations like restricting access, network segmentation, and WAF rules while emphasizing the critical need to apply Microsoft's out-of-band patch. |
| 2026-07-04 2026 | GitHub Secret Scanning Now Watches All Public Repos for Leaked Enterprise KeysSecrets | Library updates now expand GitHub's secret scanning to all public repositories, addressing the crisis of leaked enterprise keys, particularly those generated by AI coding agents, which surge 81% according to GitGuardian. This feature, Public Monitoring, attributes found credentials back to their originating enterprise using verified domain matching and GitHub's native identity graph, bridging the gap where traditional org-scoped scanners failed to detect leaks from personal accounts or open-source contributions. This retrospective, perimeter-agnostic layer complements existing push protection and AI coding agent scanning, enhancing defenses against credential exposure across platforms like GitHub. |
| 2026-07-04 2026 | WatchGuard Firebox Patches Third Critical IKEv2 RCE in 10 Months T15/T35 Still ExposedRCE | Writeup detailing CVE-2026-13368, a critical pre-authentication remote code execution vulnerability in WatchGuard Firebox appliances. This flaw, stemming from a race condition and use-after-free in the IKEv2 LDAP authentication path, allows unauthenticated attackers network access to achieve arbitrary code execution on the `iked` daemon. Notably, this is the third critical flaw in the same daemon within ten months, following CVE-2025-9242 and CVE-2025-14733. Patches are available for newer Fireware OS versions, but T15 and T35 models on the 12.5.x branch remain unpatched, and Fireware OS 11.x is end-of-life. |
| 2026-07-04 2026 | North Koreas Lazarus Group Hid a Full RAT in Six Rollup Polyfill npm PackagesSupply Chain | Library that catalogs a sophisticated npm supply chain attack by North Korea's Lazarus Group. This campaign disguised a full Remote Access Trojan (RAT) within six fake Rollup polyfill packages. Unlike previous attacks targeting install scripts, this malware executes at import time, bypassing npm v12's default security measures. The attack employs a multi-stage payload delivery mechanism, using Base64-encoded commands and dynamically fetched code from remote URLs to evade static analysis. The RAT is designed to exfiltrate credentials, capture screenshots, and execute arbitrary commands, with its techniques showing overlap with prior DPRK campaigns. |
| 2026-07-01 2026 | AI Coding Agents Skip Package Verification and Attackers Are Exploiting ItSupply Chain | Library that analyzes supply chain risks introduced by AI coding agents. Attackers exploit AI agents' bypass of package verification through methods like PromptMink's "LLMO abuse and knowledge injection" and "slopsquatting," where agents hallucinate non-existent package names. The Clinejection incident demonstrates how AI integration into CI/CD pipelines, as seen with Anthropic's claude-code-action and Cacheract, can amplify these risks, impacting millions of developers through compromised dependencies and credential exfiltration. |
| 2026-06-27 2026 | North Korea macOS Malware Targets AI Analyst Tools: Gaslight Embeds 38 Fake Error MessagesAI | Library that implements a novel prompt injection technique to deceive AI-assisted malware analysis tools. macOS.Gaslight, developed by North Korean actors, embeds 38 fake error messages designed to trigger LLM triage harnesses into aborting or refusing analysis sessions, rather than evading sandboxes. This method targets the AI's perception of its own state, a departure from traditional anti-analysis techniques, and represents a significant evolution in attacker tradecraft within the burgeoning field of agentic AI security, a top risk identified by OWASP. |
| 2026-06-25 2026 | GitHub Actions Supply Chain Flaw Exposes Microsoft and Google to Free-Account HijackSupply Chain | Tool demonstrating the Cordyceps vulnerability pattern, a structural flaw in GitHub Actions YAML files. This pattern allows attackers with free GitHub accounts to exploit insecure workflow composition, leading to credential theft and supply chain compromises, as seen impacting Microsoft, Google, and the Python Software Foundation. Traditional security scanners fail to detect this end-to-end data flow vulnerability, which is being replicated at scale by AI coding agents. |
| 2026-06-23 2026 | AI Patching Reaches Open Source: OpenAI Patch the Planet Targets Python cURL GoPython | Library for AI-driven vulnerability discovery and patching, Patch the Planet, leverages GPT-5.5-Cyber and Trail of Bits security engineers to identify, validate, and fix issues in open-source projects like cURL, Go, and Python. This initiative addresses the overwhelming influx of AI-generated bug reports by adding a human-review layer for validation and patch development, thereby improving security posture without burdening limited maintainer resources. The project also generates reusable security infrastructure, including fuzzing harnesses and analysis pipelines, benefiting participating open-source communities. |
| 2026-06-21 2026 | WordPress Email Plugin Flaw Triggers 17 Million Attacks: Gravity SMTP Leaks Live API KeysAPI Sec | Library for WordPress email plugins, specifically addressing CVE-2026-4020 in Gravity SMTP, which allowed unauthenticated retrieval of sensitive configuration data including live API keys for services like Amazon SES, Google, Mailjet, Resend, and Zoho. This vulnerability, despite its medium severity rating, led to over 17 million exploit attempts, exposing credentials and site software versions to attackers for potential further exploitation. |
| 2026-06-21 2026 | npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 MinutesSupply Chain | Library for detecting and mitigating npm supply chain attacks, as demonstrated by North Korea's Sapphire Sleet group. The attack compromised 144 @mastra AI packages by exploiting dormant account permissions and npm's semantic versioning to inject a malicious easy-day-js package with a postinstall hook. This hook deployed a cross-platform RAT to steal LLM API keys, cloud credentials, and cryptocurrency wallets, bypassing traditional CVE-based scanners. Detection and mitigation strategies include behavioral supply-chain monitoring, with tools like Socket and StepSecurity's Harden Runner offering protection. |
| 2026-06-19 2026 | NGINX Vulnerability Patch: F5 Fixes Critical HTTP/3 and HTTP/2 Remote Code Execution FlawsRCE | Patch addressing critical NGINX vulnerabilities CVE-2026-42530 (HTTP/3 use-after-free) and CVE-2026-42055 (HTTP/2 heap buffer overflow). These flaws, with CVSS v4.0 scores of 9.2, allow unauthenticated remote attackers to crash NGINX worker processes and potentially achieve arbitrary code execution, particularly on systems with weakened ASLR. F5 has released fixes for NGINX Open Source, NGINX Plus, and NGINX Gateway Fabric, with temporary mitigations available for those unable to patch immediately. |
| 2026-06-16 2026 | Oracle PeopleSoft Zero-Day Exploited in 100 Breaches: Council of Europe Deadline Falls TodaySSRF | Writeup on CVE-2026-35273, a critical SSRF vulnerability in Oracle PeopleSoft's PSEMHUB component. This zero-day, exploited by ShinyHunters via a gadget chain, allows unauthenticated remote code execution and has affected over 100 organizations, including higher education and government bodies. Affected versions include PeopleTools 8.61 and 8.62. Mitigation involves disabling the Environment Management Hub or removing PSEMHUB, with Oracle urging immediate action as no patch is yet available. |
| 2026-06-14 2026 | AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw Not a Patchable BugAI | Library on prompt injection detailing its architectural inevitability within LLMs, comparing it to conventional software's privilege boundaries. It discusses the "lethal trifecta" (private data access, untrusted content exposure, external communication ability) and Meta's "Agents Rule of Two" heuristic, alongside entry points like indirect injection via poisoned content. The entry lists CVE-2026-2256 (ModelScope's MS-Agent command injection), CVE-2026-22708 (Cursor environment variable poisoning), CVE-2025-59532 (OpenAI Codex CLI sandbox escape), and supply chain vulnerabilities like CVE-2025-6514 (mcp-remote proxy RCE). |
| 2026-06-10 2026 | ServiceNow Data Breach: Gated Advisory Left Customers Unaware of Exploited Zero-Auth APIAPI Sec | Writeup detailing a ServiceNow zero-authentication API vulnerability, where attackers queried sensitive customer instance data through an unauthenticated Scripted REST Resource (specifically `/api/now/related_list_edit/create`) between June 2-5, 2026. This marks the third unauthenticated exploit against ServiceNow in eight months, following CVE-2025-12420 and CVE-2026-0542. The vendor's gated advisory, accessible only via login, drew criticism for failing to adhere to coordinated disclosure norms and leaving many customers unaware of the breach, hindering their incident response and regulatory notification efforts. |
| 2026-06-04 2026 | Cisco Unified CM SSRF Flaw CVE-2026-20230: Public Exploit Code Opens Path to RootSSRF | Tool analysis of CVE-2026-20230, a critical Server-Side Request Forgery vulnerability in Cisco Unified Communications Manager's WebDialer Web Service. This flaw, CWE-918, allows arbitrary file writes and privilege escalation to root without authentication, with public exploit code now available. Mitigation involves disabling the WebDialer service or upgrading to patched versions (14SU6 or interim COP for 15SU5). |
| 2026-05-31 2026 | Anthropic AI Vulnerability Scanner in Enterprise Beta: IBM Joins Glasswing After 10000 Flaws FoundAPI Sec | Tool for AI-powered application security scanning, Claude Security, now in public beta for enterprise customers, identifies vulnerabilities by reasoning over code behavior and data flows, moving beyond traditional signature matching. This approach has surfaced over 10,000 critical software flaws through Anthropic's Project Glasswing consortium, which includes IBM, and has also revealed specific vulnerabilities like CVE-2026-5194 in wolfSSL. The tool aims to compress the find-fix cycle, though patching remains a bottleneck for maintainers. |
| 2026-05-26 2026 | llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI StackPython | Library of six vulnerabilities found in llama.cpp's GGUF parser, including a critical integer overflow (V-01) allowing arbitrary file reads and memory exhaustion flaws (V-02, V-03) affecting tools like Ollama and LM Studio. These issues, including V-01 and V-02, are present in the C++ gguf.cpp and Python gguf_reader.py implementations, and unlike CVE-2026-7482 (Bleeding Llama), do not have assigned CVE numbers, bypassing standard scanning workflows. |
| 2026-05-26 2026 | Chrome Security Update Patches Two Critical RCE Flaws: One Exploit Still Public UnpatchedRCE | Library for detecting and mitigating browser-based threats, including two critical RCE flaws patched in Chrome (CVE-2026-9111, CVE-2026-9110). It also addresses the publicly disclosed, unpatched Browser Fetch API vulnerability, which enables persistent background connections and potential botnet enrollment across Chromium-based browsers like Edge and Brave, requiring manual updates or enterprise patch management for protection. |
| 2026-05-25 2026 | Ghost CMS SQL Injection Hits 700 Sites: Harvard DuckDuckGo Serve Fake Cloudflare MalwareSQLi | Library for detecting and remediating CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS versions 3.24.0 through 6.19.0. This flaw allows unauthenticated attackers to steal Admin API Keys, enabling them to inject malicious JavaScript into published articles. The compromised sites are then used to serve fake Cloudflare verification pages, tricking visitors into executing PowerShell scripts that download stealer trojans and other malware. The exploitation targets the Content API's slug-filter-order.js serializer and has impacted hundreds of websites, including those of Harvard University and DuckDuckGo. |