Malicious code in @antv/gi-assets-algorithm (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3978 Malicious code in @antv/g2-plugin-slider (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

CVE-2026-24480

A flaw was found in the QGIS GitHub Actions workflow. This vulnerability allowed a remote attacker to achieve remote code execution and compromise the repository. The flaw occurred because the workflow used the pullrequesttarget trigger, which runs with the base repository's credentials, and then...

The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) JetBrains TeamCity, related to the storage of information in an open manner, allows a hacker to expose confidential information.

The vulnerability of the Continuous Integration and Deployment Application Delivery system CI/CD of JetBrains TeamCity is related to the storage of information in an open manner. Exploiting this vulnerability can allow attackers to disclose confidential information...

Enhancing the Cloud Security through Topic Modelling

Protecting cloud applications is crucial in an age where security constantly threatens the digital world. The inevitable cyber-attacks throughout the CI/CD pipeline make cloud security innovations necessary. This research is motivated by applying Natural Language Processing NLP methodologies, suc...