Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials. Telemetry collected during this investigation indicates the activity aligns with a broader cluster...

Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials. Telemetry collected during this investigation indicates the activity aligns with a broader cluster...

CVE-2026-1772

CVE-2026-1772 concerns the RTU500 web interface, where an unprivileged user can read user management information. The vulnerability does not require UI access and can be exploited via browser developer tools, with no user interaction and network-based access. The CVSS 4.0 vector indicates: AV:N/A...

CVE-2024-58041

Smolder versions through 1.51 for Perl uses insecure rand function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses t...

PT-2026-21676

Name of the Vulnerable Software and Affected Versions RTU500 affected versions not specified Description An unprivileged user can read user management information through the RTU500 web interface. Accessing this information requires tools like browser development utilities and does not occur...

CVE-2024-58041

Smolder up to version 1.51 for Perl relies on rand() as the default entropy source for cryptographic functions, which is not cryptographically secure. The issue is tied to Smolder::DB::Developer via Data::Random, which is described as useful mostly for test programs and uses rand(). The connected...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.4 release.

Red Hat Developer Hub 1.8.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

When Security Meets Usability: An Empirical Investigation of Post-Quantum Cryptography APIs

Advances in quantum computing increasingly threaten the security and privacy of data protected by current cryptosystems, particularly those relying on public-key cryptography. In response, the international cybersecurity community has prioritized the implementation of Post-Quantum Cryptography PQ...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.3 release.

Red Hat Developer Hub 1.8.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

GitLab 18.8 < 18.8.4 (CVE-2026-1094)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fa...

CVE-2026-1094

Summary (CVE-2026-1094): GitLab CE/EE versions 18.8 prior to 18.8.4 were patched to address an issue where an authenticated developer could hide specially crafted file changes from the WebUI. The remediation is included in GitLab 18.8.4 (and later). The CVSSv3.1 base score is 4.6 (MEDIUM) with at...

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVE-2026-1094

Removed by vendor...

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

PT-2026-7513

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 18.8.4 Description An issue existed in GitLab CE/EE that allowed an authenticated developer to conceal specifically designed file modifications from the WebUI. Recommendations Update to version 18.8.4 or later...

KLA90875 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability...

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There is an authorization issue in Warehouse; this vulnerability stems from insufficient authorization verification for user operations within the permission manageme...