8731 matches found

Packet Storm News
added 2026/06/08 12:0 a.m., 7 views

Security-First Approach to API Pipeline Development with Zero-Trust Architecture

Modern enterprises face an accelerating onslaught of API-targeted threats amid a rapidly expanding attack surface. Record volumes of software vulnerabilities continue to accelerate dramatically, with 28,818 CVEs disclosed in 2023, a 38% jump from 2022, and 40,009 CVEs in 2024, another 38% increase,...

5.6 AI score
Exploits: 0
OPENSUSE Linux
added 2026/06/08 12:0 a.m., 11 views

kernel-devel-7.0.11-1.1 on GA media (moderate)

kernel-devel-7.0.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:10954-1 Rating: moderate Cross-References: CVE-2026-43494 CVE-2026-43503 CVE-2026-45834 CVE-2026-45835 CVE-2026-45836 CVE-2026-45837 CVE-2026-45838 CVE-2026-45839 CVE-2026-45840 CVE-2026-45841 CVE-2026-45842 CVE-2026-45843...

9.3 CVSS, 5.4 AI score, 0.00514 EPSS
Exploits: 2
RedhatCVE
added 2026/06/05 7:35 p.m., 6 views

CVE-2026-32885

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

9.1 CVSS, 5.6 AI score, 0.00418 EPSS
Exploits: 3, References: 1
RedhatCVE
added 2026/06/05 7:33 p.m., 7 views

CVE-2026-9806

A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3 CVSS, 5.5 AI score, 0.00258 EPSS
Exploits: 0, References: 1
Chainguard
added 2026/06/05 7:18 p.m., 6 views

GHSA-XXWJ-CPV6-F4HC vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9...

5.8 AI score
Exploits: 0
Chainguard
added 2026/06/05 7:18 p.m., 6 views

GHSA-32VR-5HXF-X93F vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9...

5.8 AI score
Exploits: 0
Chainguard
added 2026/06/05 7:18 p.m., 9 views

GHSA-G75F-42VW-M3XV vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9...

5.8 AI score
Exploits: 0
RedhatCVE
added 2026/06/05 7:14 p.m., 7 views

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10 CVSS, 6.2 AI score, 0.01816 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:14 p.m., 8 views

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3 CVSS, 6.4 AI score, 0.01178 EPSS
Exploits: 0, References: 1
OSV
added 2026/06/05 12:4 p.m., 6 views

RLSA-2026:22145 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime...

7.5 CVSS, 5.5 AI score, 0.01177 EPSS
Exploits: 0, References: 2
Qualys Blog
added 2026/06/04 9:17 p.m., 14 views

From Operating Model to Product: How We Built the ROC for Detection-Speed Remediation

In the first article in this series, we made the case for a prevention-led operating model. This article is about what happened next: the decision to build something that did not exist, and what it took to make it real. Turning an operating model into a product sounds straightforward until you ar...

6.1 AI score
Exploits: 0
OSV
added 2026/06/04 5:43 p.m., 4 views

GHSA-64CJ-QVX5-M4F3 Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

5.4 CVSS, 5.9 AI score, 0.00033 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2026/06/04 12:9 p.m., 8 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: memcached: memcached-1.6.42-0.1.hum1 aarch64, x86_64 memcached-devel-1.6.42-0.1.hum1 aarch64, x86_64 memcached-selinux-1.6.42-0.1.hum1 noarch memcached-1.6.42-0.1.hum1.src src...

8.1 CVSS, 5.8 AI score, 0.0055 EPSS
Exploits: 0, References: 3
GithubExploit
added 2026/06/04 12:47 a.m., 63 views

wined

Windows Exploitation wined Tools The following scripts were...

5.8 AI score
Exploits: 0
Packet Storm News
added 2026/06/04 12:0 a.m., 5 views

ExploitGym AI Exploit Benchmark Tool

ExploitGym is a large-scale, realistic benchmark built from real-world vulnerabilities designed to evaluate AI agents' ability to develop exploits...

5.8 AI score
Exploits: 0
Packet Storm News
added 2026/06/04 12:0 a.m., 11 views

Exploring the Connection between Coding Habits and Cognitive Styles in Malware Developers

Malware research primarily studies the results, the methods, and the impact. Even from an offensive security perspective, what is examined is the method, not the development strategy of the offender. This study investigates the behavioral signatures and coding patterns embedded in the malware...

5.4 AI score
Exploits: 0
Positive Technologies
added 2026/06/04 12:0 a.m., 8 views

PT-2026-46881

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

5.4 CVSS, 5.9 AI score, 0.00033 EPSS
Exploits: 0, References: 6
Packet Storm News
added 2026/06/03 12:0 a.m., 15 views

CRESS: Quantifying Vulnerabilities of Attack Scenarios in Hardware Reverse Engineering

The safety, security, and reliability of microelectronic systems depend on a trustworthy, secured supply chain and design flow. Globally distributed supply chains or unintentional design weaknesses leave the door open for attacks on the hardware level. These scenarios encompass counterfeiting,...

5.5 AI score
Exploits: 0
OSV
added 2026/06/03 12:0 a.m., 7 views

OPENSUSE-SU-2026:10946-1 assimp-devel-6.0.5-3.1 on GA media

These are all security issues fixed in the assimp-devel-6.0.5-3.1 package on the GA media of openSUSE Tumbleweed...

7.8 CVSS, 5.8 AI score, 0.00219 EPSS
Exploits: 1, References: 3
OPENSUSE Linux
added 2026/06/03 12:0 a.m., 8 views

libjxl-devel-0.11.2-2.1 on GA media (moderate)

libjxl-devel-0.11.2-2.1 on GA media Announcement ID: openSUSE-SU-2026:10910-1 Rating: moderate Cross-References: CVE-2025-12474 CVE-2025-70103 CVSS scores: CVE-2025-12474 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2025-12474 SUSE : 6.9...

9.2 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 0