16070 matches found

HackRead
added 2026/04/17 9:25 a.m. | 4 views

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data...

5.7 AI score
Exploits: 0

SUSE Linux
added 2026/04/17 7:21 a.m. | 3 views

Security update for smc-tools

This update for smc-tools fixes the following issue: Update to smc-tools v1.8.7: predictable /tmp file allows for local denial of service bsc1230052. Changelog: Update to v1.8.7: smcrnics: fix regression when PFT not available smcd/smcr: prevent DoS on statistics workfile present in /tmp/ Update ...

5.8 AI score
Exploits: 0 | References: 2

OSV
added 2026/04/17 7:21 a.m. | 1 view

SUSE-SU-2026:1422-1 Security update for smc-tools

This update for smc-tools fixes the following issue: Update to smc-tools v1.8.7: - predictable /tmp file allows for local denial of service bsc1230052. Changelog: Update to v1.8.7: - smcrnics: fix regression when PFT not available - smcd/smcr: prevent DoS on statistics workfile present in /tmp/...

5.8 AI score
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/17 12:0 a.m. | 1 view

PT-2026-33478

Name of the Vulnerable Software and Affected Versions OpenViking versions prior to commit c7bb167 Description An authentication bypass exists in the VikingBot OpenAPI HTTP route surface. The issue occurs when the api key configuration value is unset or empty, causing the authentication check to...

9.1 CVSS | 5.8 AI score | 0.00571 EPSS
Exploits: 1 | References: 12

Positive Technologies
added 2026/04/17 12:0 a.m. | 6 views

PT-2026-37010

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.9 through 2026.4.9 Description A sender policy bypass exists in the outbound host-media attachment read helper. This issue allows unauthorized local file disclosure when deployments allow host read or filesystem root...

7.7 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2026/04/17 12:0 a.m. | 0 views

Unity Linux 20.1070a Security Update: open-vm-tools (UTSA-2026-007257)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007257 advisory. VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigge...

6.1 CVSS | 5.8 AI score | 0.00233 EPSS
Exploits: 0 | References: 4

Fedora
added 2026/04/16 11:42 p.m. | 3 views

[SECURITY] Fedora 44 Update: plasma-sdk-6.6.4-1.fc44

Plasma SDK contains tools for plasma development...

5.8 AI score
Exploits: 0

Fedora
added 2026/04/16 11:42 p.m. | 8 views

[SECURITY] Fedora 44 Update: kde-cli-tools-6.6.4-1.fc44

Provides several KDE and Plasma specific command line tools to allow better interaction with the system...

5.8 AI score
Exploits: 0

Wordfence Blog
added 2026/04/16 4:45 p.m. | 8 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6 AI score
Exploits: 0

Circl
added 2026/04/16 11:56 a.m. | 1 view

CVE-2026-30459

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-16 11:56:31+00:00 | seen | https://bsky.app/profile/pentest-tools.com/post/3mjme4ur5e225... |

7.1 CVSS | 5.7 AI score | 0.00312 EPSS
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2026/04/16 9:39 a.m. | 3 views

Malicious code in @tax-taxdev/tools-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c3192cab77322b1ecf1742c4eda9aa9e5a6b495e3bf386284a15cf36365dcc The package @tax-taxdev/tools-scripts was found to contain malicious code...

5.7 AI score
Exploits: 0

OSV
added 2026/04/16 9:39 a.m. | 1 view

MAL-2026-2717 Malicious code in @tax-taxdev/tools-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c3192cab77322b1ecf1742c4eda9aa9e5a6b495e3bf386284a15cf36365dcc The package @tax-taxdev/tools-scripts was found to contain malicious code...

5.7 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/04/16 9:34 a.m. | 4 views

Malicious code in @fuego-tools/analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b13e975286ea5f50f12e176e5b9399e209b890fc03e8d5f890f02d83a52489 The package @fuego-tools/analytics was found to contain malicious code...

5.7 AI score
Exploits: 0

OSV
added 2026/04/16 9:34 a.m. | 4 views

MAL-2026-2713 Malicious code in @fuego-tools/analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b13e975286ea5f50f12e176e5b9399e209b890fc03e8d5f890f02d83a52489 The package @fuego-tools/analytics was found to contain malicious code...

5.7 AI score
Exploits: 0

Fedora
added 2026/04/16 1:9 a.m. | 4 views

[SECURITY] Fedora 42 Update: polymake-4.15-3.fc42

Polymake is a tool to study the combinatorics and the geometry of convex polytopes and polyhedra. It is also capable of dealing with simplicial complexes, matroids, polyhedral fans, graphs, tropical objects, and so forth. Polymake can use various computational packages if they are installed. Thos...

9.8 CVSS | 5.8 AI score | 0.00676 EPSS
Exploits: 0

Positive Technologies
added 2026/04/16 12:0 a.m. | 3 views

PT-2026-34593

Name of the Vulnerable Software and Affected Versions LangSmith JavaScript SDK versions prior to 0.5.19 LangSmith Python SDK versions prior to 0.7.31 Description Output redaction controls do not apply to streaming token events. When a Large Language Model run produces streaming output, each chunk...

5.3 CVSS | 4.7 AI score | 0.00214 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2026/04/16 12:0 a.m. | 9 views

RHEL 9 : buildah, crun, podman, runc, and skopeo (RHSA-2026:8325)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8325 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

8.4 CVSS | 7.2 AI score | 0.00673 EPSS
Exploits: 6 | References: 14

vulnersOsv
added 2026/04/15 7:19 p.m. | 4 views

dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)

dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...

6.8 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits: 0

vulnersOsv
added 2026/04/15 7:19 p.m. | 5 views

dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)

dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540567...

6.8 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits: 0

RedHat Linux
added 2026/04/15 6:17 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.13.0 release.

Red Hat Web Terminal Operator 1.13.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

10 CVSS | 5.7 AI score | 0.00789 EPSS
Exploits: 4 | References: 14