EUVD-2026-17853

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

Joomla! CMS 访问控制错误漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. There is an access control vulnerability in the Joomla! CMS. This vulnerability arises from the fact that the ajax component in the administration area is excluded from the default login user checks, whi...

PT-2026-29501

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The ajax component was excluded from the default logged-in-user check in the administrative area, which may have been unexpected by third-party developers...

Cline 安全漏洞

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy developers. Cline has a security vulnerability, which stems from OS command injection, potentially leading to remote code execution...

[SECURITY] Fedora 44 Update: python-cryptography-46.0.6-1.fc44

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

[SECURITY] Fedora 43 Update: python3.6-3.6.15-55.fc43

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 43 Update: python-cryptography-46.0.5-1.fc43

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

New Ghost Campaign Uses Fake npm Progress Bars to Phish Sudo Passwords

ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers...

Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam

OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets...

EUVD-2026-14476

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

CVE-2026-0898

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

Advanced Flow will make Android sideloading safer

Google has announced the introduction of Advanced Flow, designed to let Android users install apps from unverified developers more safely than before. This process is known as sideloading. It means installing an app on your device from somewhere other than the Google Play store, usually by...

PT-2026-27174

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech...

How Ceros Gives Security Teams Visibility and Control in Claude Code

Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is now running acros...

MAL-2026-1635 Malicious code in @polymarket-developers/clob-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 345ca83f0d4f9589714459a50b08e9f733a7d56bbb131b029748ad244a2d447b The package @polymarket-developers/clob-client was found to contain malicious code...

Malicious code in @polymarket-developers/clob-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 345ca83f0d4f9589714459a50b08e9f733a7d56bbb131b029748ad244a2d447b The package @polymarket-developers/clob-client was found to contain malicious code...

ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools

Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals...