
9285 matches found

The Hacker News
added 2026/04/02 7:9 a.m., 3 views

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with...

AI score: 5.9
Exploits: 0

Tenable Nessus
added 2026/04/02 12:0 a.m., 4 views

Fedora 43 : crun (2026-4747ff73a3)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4747ff73a3 advisory. Automatic update for crun-1.27-1.fc43. Changelog for crun Wed Mar 25 2026 Packit - 1.27-1 - Update to 1.27 upstream release Mon Dec 22 2025 Packit - 1.26-1 -...

CVSS: 7.8, AI score: 6, EPSS: 0.00159
Exploits: 1, References: 2

Microsoft Secure
added 2026/04/01 9:0 p.m., 7 views

Mitigating the Axios npm supply chain compromise

In this article 1. Analysis of the attack 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise 5. Hunting queries On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP...

AI score: 6.6
Exploits: 0

Packet Storm News
added 2026/04/01 12:0 a.m., 1 views

Automated Generation of Cybersecurity Exercise Scenarios

There is a growing need for cybersecurity professionals with practical knowledge and experience to meet societal needs and comply with new standards and regulations. At the same time, the advances in software technology and artificial intelligence point towards a future where software agents will...

AI score: 6.1
Exploits: 0

RedhatCVE
added 2026/03/31 10:59 a.m., 8 views

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

CVSS: 9.8, AI score: 6, EPSS: 0.00512
Exploits: 0, References: 1

RedhatCVE
added 2026/03/31 4:59 a.m., 2 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

CVSS: 9.8, AI score: 6.3, EPSS: 0.01145
Exploits: 0, References: 1

Tenable Nessus
added 2026/03/31 12:0 a.m., 9 views

Fedora 43 : chunkah (2026-1269948465)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1269948465 advisory. Automatic update for chunkah-0.3.2-1.fc43. Changelog for chunkah Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release Fri Mar 20 2026 Packit -...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00379
Exploits: 1, References: 2

EUVD
added 2026/03/30 9:31 p.m., 5 views

EUVD-2026-17203

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

AI score: 6, EPSS: 0.00678
Exploits: 0, References: 3

EUVD
added 2026/03/30 9:31 p.m., 4 views

EUVD-2026-17204

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

AI score: 6, EPSS: 0.00512
Exploits: 0, References: 3

NVD
added 2026/03/30 9:17 p.m., 4 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVSS: 9.8, EPSS: 0.00678
Exploits: 0, References: 2

NVD
added 2026/03/30 8:16 p.m., 4 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

CVSS: 9.8, EPSS: 0.01145
Exploits: 0, References: 2

Cvelist
added 2026/03/30 12:0 a.m., 18 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

EPSS: 0.00678
Exploits: 0, References: 2

CNNVD
added 2026/03/30 12:0 a.m., 5 views

Syntx Security Vulnerability

Syntx is an artificial intelligence-based data analysis and automated decision-making platform developed by Syntx Corporation. There is a security vulnerability in Syntx; this vulnerability stems from the command automatic approval module’s susceptibility to OS command injection, which may lead t...

CVSS: 9.8, AI score: 6.1, EPSS: 0.01145
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/30 12:0 a.m., 3 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

AI score: 6.3, EPSS: 0.01145
Exploits: 0, References: 3

EUVD
added 2026/03/29 9:30 p.m., 3 views

EUVD-2026-17042

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00379
Exploits: 0, References: 3

RedhatCVE
added 2026/03/28 4:56 a.m., 5 views

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVSS: 9.6, AI score: 6.1, EPSS: 0.00435
Exploits: 0, References: 1

Fedora
added 2026/03/28 12:46 a.m., 7 views

[SECURITY] Fedora 43 Update: suricata-7.0.15-1.fc43

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AI score: 5.9
Exploits: 0

CVE
added 2026/03/27 12:0 a.m., 7 views

CVE-2026-30304

AI Code’s CVE-2026-30304 stems from its design that auto-executes commands deemed safe while requiring approval for potentially destructive ones. Multiple trusted sources describe a prompt-injection flaw: an attacker can wrap malicious commands in a generic template and fool the model into classi...

CVSS: 9.6, AI score: 6.1, EPSS: 0.00435
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/03/26 3:17 p.m., 2 views

CVE-2026-32362

Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through = 1.1.3...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00224
Exploits: 0, References: 1

OSV
added 2026/03/26 12:33 a.m., 4 views

MAL-2026-2207 Malicious code in @emilgroup/process-manager-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc09d1561452ec50af226b10199a75b846e64e16ccbd9ff7757bf0e4a769d0c2 The package @emilgroup/process-manager-sdk-node was found to contain malicious code. Source: google-open-source-security...

AI score: 5.9
Exploits: 0, References: 3