CVE-2026-45457

creationtimestamp| type| source ---|---|--- 2026-06-09 11:04:53+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0182 2026-06-09 16:12:18+00:00| seen| https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review...

Malicious Package

Overview polymarket-ai-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

AI Survey: 50% of Organizations Struggle to Maintain Latency at Scale

The Akamai State of AI Inference report captures real data from the field that describes how AI inference is being built and scaled in production today...

CVE-2026-35574

creationtimestamp| type| source ---|---|--- 2026-04-07 19:33:43+00:00| seen| Telegram/7stdzVfIjMVb7tvEQLoql-CFRLg5JIYu0eUqsXCfmQ30DI4 2026-04-07 19:33:54+00:00| seen| Telegram/2sVgvXJxKnqdd0t3ix7z2PFFoP4qMIqNMJ7HHwXtd94aJL4 2026-04-17 05:07:08+00:00| seen|...

CVE-2026-22182

creationtimestamp| type| source ---|---|--- 2026-03-18 06:20:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhctssbx4f2m...

ICE Is Crashing the US Court System in Minnesota

Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US...

LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days

This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bu...

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting (XSS) vulnerability that lets an attacker inject malicious JavaScript via blog posts. The flaw is triggered when embedded JavaScript is placed in the MarkdownBodyPart.Source parameter during blog-post creation, allowing code execution in...

The Cybersecurity Side of AI Crypto Bots: What Users Need to Know

Many crypto investors remain sceptical about using AI in their trading. They are aware that the technology exists,…...

RUSTSEC-2025-0130 Missing check in ZK proof in CGGMP21 Threshold Signing Protocol

Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...

Bot Management for the Agentic Era

Learn how bot management is evolving in the age of AI agents, with new authentication standards, monetization models, and ways to manage AI-driven automation...

When the Cloud Breaks: Lessons from the AWS Outage

...

EUVD-2022-29768

Malicious code in bioql PyPI...

Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVE-2025-50481

Mezzanine CMS v6.1.0 contains a stored XSS vulnerability in the /blog/blogpost/add component. The root cause is insufficient input validation that allows injecting crafted payloads into blog posts to execute arbitrary scripts. Exploit activity is evidenced in exploit databases (e.g., Exploit-DB, ...

CVE-2025-49671

creationtimestamp| type| source ---|---|--- 2025-07-08 15:56:31+00:00| seen| https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review...

Friday Squid Blogging: Stubby Squid

Video of the stubby squid Rossia pacifica from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

Exploit for CVE-2025-37899

This is the artefact repository associated with my blog post Ho...

CVE-2025-27733

creationtimestamp| type| source ---|---|--- 2025-04-08 16:14:25+00:00| seen| https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review 2025-04-22 00:34:19+00:00| seen| https://infosec.exchange/users/wdormann/statuses/114378804966922705 2025-04-22 00:34:40+00:00| seen|...

Deepseek: Why it Matters and What the Press Got Wrong

...