exploit-tool

Exploit-Tool Single-console pentest platform built on authori...

PT-2026-36100

CVE-2026-31431 is another reminder that one unpatched vulnerability can turn a small foothold into full system compromise. For businesses running remote teams, cloud workloads, or distributed infrastructure, secure access and layered protection matter more than ever. Patch fast. Limit exposure...

CTEM for Telecom Companies

Protect Network Infrastructure. Prevent Service Disruption. Secure 5G, IoT, and Subscriber Data. Telecommunications companies operate the most interconnected infrastructure on the planet. Your networks carry voice, data, and critical services for millions of subscribers, enterprises, and governme...

CTEM for Telecom Companies | Cybersecurity for Telecommunications

Protect Critical Infrastructure. Prevent Service Disruption. Secure Subscriber Data at Scale. Telecom companies operate some of the most complex, high-value attack surfaces in any industry. With billions of connected devices, legacy protocols like SS7 still in production, and 5G rollouts expandin...

security-advisories

Security Advisories Public write-ups and PoCs for CVEs I've d...

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.2.10

Logging for Red Hat OpenShift - 6.2.10 Red Hat OpenShift Logging 6.2.10 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

Important: Red Hat Security Advisory: Red Hat Update Infrastructure 5.2 Technology Preview security update

A new set of Red Hat Update Infrastructure container images is now available as a Technology Preview in the Red Hat container registry. Technology Preview features are not fully supported, may not be functionally complete, and are not suitable for deployment in production...

MAL-2026-3254 Malicious code in @corp-infra/sso-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

Malicious code in apple-infra-ultimate-bypass (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

MAL-2026-3155 Malicious code in apple-infra-network-v2 (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

MAL-2026-3156 Malicious code in apple-infra-ultimate-bypass (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

Malicious code in apple-infra-network-v2 (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)

Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server...

What Anthropic’s Mythos Means for the Future of Cybersecurity

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure tha...

IPDevicePenTest

IPDevicePenTest Automated penetration testing framework for...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from incomplete host environment variable cleanup mechanisms in the host-env-security-policy.json and...

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary IBM Concert Workflows addresses multiple security vulnerabilities that originate from IBM Rapid Infrastructure Automation. IBM Concert Workflows is built on the same underlying technology and provides equivalent core functionality. Vulnerability Details CVEID:CVE-2025-23022 DESCRIPTION:...

Important: Red Hat Security Advisory: RHUI 4.11.4 security update - python-pyOpenSSL

An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.11.4 resolves a security vulnerability in pyOpenSSL. Red Hat Update Infrastructure RHUI provides a highly scalable and redundant framework for managing repositories and content. It also allows cloud providers to...

[SECURITY] Fedora 44 Update: rpki-client-9.8-1.fc44

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

security-audit

security-audit A Claude Code skill + plugin marketplace for a...