Threat actor abuse of AI accelerates from tool to cyberattack surface

For the last year, one word has represented the conversation living at the intersection of AI and cybersecurity: speed. Speed matters, but it’s not the most important shift we are observing across the threat landscape today. Now, threat actors from nation states to cybercrime groups are embedding...

The State of Trusted Open Source Report

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs25: nodejs25-25.9.0-1.hum1 aarch64, x8664 nodejs25-bin-25.9.0-1.hum1 noarch nodejs25-devel-25.9.0-1.hum1 aarch64, x8664 nodejs25-docs-25.9.0-1.hum1 noarch nodejs25-full-i18n-25.9.0-1.hum1...

[SECURITY] Fedora 43 Update: gst-devtools-1.26.11-1.fc43

Development and debugging tools for GStreamer...

TrendAI Insight: New U.S. National Cyber Strategy

TrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and workforce development...

CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

CVE-2026-34534 iccDEV: HBO in CIccMpeSpectralMatrix::Describe()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow HBO in CIccMpeSpectralMatrix::Describe. The issue is observable under AddressSanitizer as an out-of-bounds heap read when...

CVE-2026-34237

The connected advisory describes MCP Java SDK with a hardcoded wildcard CORS header (Access-Control-Allow-Origin: *) in server transport code (HttpServletSseServerTransportProvider.java and HttpServletStreamableServerTransportProvider.java). This enables cross-origin access to SSE endpoints, allo...

[SECURITY] Fedora 43 Update: dotnet8.0-8.0.125-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 43 Update: dotnet9.0-9.0.115-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Claude SDK for Python 安全漏洞

Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from improper file permission settings created by memory...

CVE-2026-30309

CVE-2026-30309 affects InfCode’s terminal auto-execution module. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (e.g., powershell), and the matching algorithm lacks dynamic semantic parsing, failing to recognize string concatenation, variable assignment, o...

The Real Risk of Vibecoding

This blog looks at how AI‑driven vibecoding speeds up software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be built into modern development workflows...

Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2026-1472)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1472 advisory. libssh: SCP Protocol Path Traversal in sshscppullrequest CVE-2026-0964 libssh: Specially crafted patterns could cause DoS CVE-2026-0967 Tenable has extracted the preceding description block...

Amazon Linux 2023 : libde265, libde265-devel (ALAS2023-2026-1477)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1477 advisory. strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable. CVE-2025-61147 Tenable has extracted the preceding description...

[SECURITY] Fedora 42 Update: dotnet10.0-10.0.104-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

Detecting Protracted Vulnerabilities in Open Source Projects

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to prolonged security threats. While various vulnerability...

CVE-2026-32422

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...