New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed...
Guardian Agents: The Next Layer of Identity Governance
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...
MAL-2026-6518 Malicious code in ai-node-relay (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15dbf12bf77945563589af277a5a11fc548f282dfb1ab8fb8b0e8253d28ec854 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview ai-node-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ai-node-relay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in ai-node-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0730db02e46f4cfb224880f60bcdcdd43ed4d1bc97c68ee404428f7c592445cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ai-node-relay (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15dbf12bf77945563589af277a5a11fc548f282dfb1ab8fb8b0e8253d28ec854 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6517 Malicious code in ai-node-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0730db02e46f4cfb224880f60bcdcdd43ed4d1bc97c68ee404428f7c592445cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-7958
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager.
Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.3.0.0, 6.2.4.4, and 6.2.3.6. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression i...
Malicious code in inlifegram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9e2d3483845391abac4b854096ffc1c7767818f9e2b02486d969ee2be0638dc9 The modified version of a Telegram bot library. The obfuscated code, launched when the user starts their own bot application, attaches malicious backdoor...
MAL-2026-6516 Malicious code in inlifegram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9e2d3483845391abac4b854096ffc1c7767818f9e2b02486d969ee2be0638dc9 The modified version of a Telegram bot library. The obfuscated code, launched when the user starts their own bot application, attaches malicious backdoor...
CVE-2026-53242
A flaw was found in the Advanced Linux Sound Architecture (ALSA) Pulse-Code Modulation (PCM) component of the Linux kernel. This vulnerability involves a corruption of wait queue lists within the snd_pcm_drain function when processing linked streams. An attacker could exploit this issue to trigger a...
Security Bulletin: Due to use of IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Multiple vulnerabilities in IBM Storage Scale which could provide weaker than expected security were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp wi...
Malicious Package
Overview prism-silq is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-11541, CVE-2026-11536, CVE-2026-11594, CVE-2026-11707 and CVE-2026-11383)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...
Malicious Package
Overview hexo-shoka-swiper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
DEBIAN-CVE-2026-6658
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
CVE-2026-6658
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...