EUVD-2026-29118

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

TOR Virtual Network Tunneling Tool 0.4.9.8

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

[SECURITY] Fedora 43 Update: python3.6-3.6.15-57.fc43

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 43 Update: python3.9-3.9.25-9.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

[SECURITY] Fedora 44 Update: python-cryptography-46.0.7-1.fc44

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

4ga Boards 安全漏洞

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained security vulnerabilities. These vulnerabilities stemmed from timing side channels in the login endpoint, which could lead to user enumeration...

Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox

The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition...

They Built a Legendary Privacy Tool. Now They’re Sworn Enemies

There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history...

Net::Dropbear 安全漏洞

Net::Dropbear is an SSH client interface module developed by ATRODO’s individual developers, based on Dropbear. Versions of Net::Dropbear prior to 0.14 contained security vulnerabilities, which stemmed from the inclusion of the vulnerable libtomcrypt library. These vulnerabilities may be affected...

Esri Portal For ArcGIS 安全漏洞

Esri Portal for ArcGIS is a component offered by Esri that allows for sharing maps, scenarios, applications, and other geographic information with others within an organization. Versions 11.4, 11.5, and 12.0 of Esri Portal for ArcGIS have security vulnerabilities. These vulnerabilities stem from...

Malicious code in linode-developers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55911ad2b0d383d30b5cd3daeec59c9f4419c01231c45fe9813e1b7ff7260e13 The package linode-developers was found to contain malicious code...

MAL-2026-2777 Malicious code in linode-developers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55911ad2b0d383d30b5cd3daeec59c9f4419c01231c45fe9813e1b7ff7260e13 The package linode-developers was found to contain malicious code...

Solstice::Session 安全漏洞

Solstice::Session is a server-side session component developed by MCRAWFOR’s developers, used to manage user sessions and request states. Versions of Solstice::Session prior to 1440 contained security vulnerabilities, which stemmed from insecure session ID generation, potentially allowing attacke...

Crypt::SecretBuffer 安全漏洞

Crypt::SecretBuffer is a cryptographic buffer module developed by NERDVANA’s individual developers, designed for secure storage and memory protection of sensitive data. Versions of Crypt::SecretBuffer prior to 0.019 contained security vulnerabilities, which were due to susceptibility to timing...

GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware...

Bringing Security Visibility to Vercel with Wiz

Giving developers and security teams a shared view of application risk as it evolves...

Exploit for CVE-2026-40271

Lazarus Group: 19-Day A/B Test Campaign Analysis TLP:CLEA...

EUVD-2026-20795

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

Spring Office Hours Podcast: S5E12 - Developer Soft Skills with Arun Gupta

Join Dan Vega and DaShaun Carter for another essential update from the Spring ecosystem. In this episode, the guys are joined by DevRel and Java legend Arun Gupta to discuss a topic often overlooked but vital for career longevity: soft skills for developers. Drawing from his decades of experience...

CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...