321 matches found
The time of much patching is coming
Welcome to this week's edition of the Threat Source newsletter. Many solutions have been proposed to reduce software bugs: zero-defect mandates, pair programming, formal methods, and mathematical software proofs. The reality is that software engineering is hard. Identifying and fixing bugs before...
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
The UK's AI Security Institute evaluated GPT-5.5's ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute's evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It...
Bringing AI Code Security into Qualys ETM
A first-class data model for the next generation of findings AI-driven code security is becoming a real category. Anthropic's Claude Code Security and OpenAI's Codex Security are the leading examples, and more will follow. These tools reason about source code at a depth that traditional SAST cann...
PT-2026-22809
Name of the Vulnerable Software and Affected Versions FreeScout versions 1.8.206 and earlier Description FreeScout is susceptible to remote code execution RCE vulnerabilities CVE-2026-27636 and CVE-2026-28289. CVE-2026-27636 allows authenticated users with file upload permissions to execute code ...
GO-2026-4435 EVE Doesn't Protect Rootfs in github.com/lf-edge/eve
EVE Doesn't Protect Rootfs in github.com/lf-edge/eve...
MAL-2026-779 Malicious code in ac-dom-styles (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e39cbc9f0e4b0b813dacd1b2dbe7211e456f56b12dc39033aaa4f20064b90e7 The package ac-dom-styles was found to contain malicious code...
CVE-2025-71192
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in sndac97controllerregister If ac97addadapter fails, putdevice is the correct way to drop the device reference. kfree is not required. Add kfree if idralloc fails and in ac97adapterrelease to do the...
MAL-2026-629 Malicious code in client-desktop-web-installer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b5f6fa310c473bfa46f7607fbf1ec6746381d722da1ef24697b1f0b180c7fd2 The package client-desktop-web-installer was found to contain malicious code...
Malicious code in @transaction-list/transaction-list-lg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e58eb6c67a7a0d136bcfc1976caeb8271d491e519e75b15c87994e130147df99 The package @transaction-list/transaction-list-lg was found to contain malicious code...
Malicious code in public-site-boostmoney-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7643372e3a22915c9385625b458ae16e2bb250b4b55e281371dc61644125e00 The package public-site-boostmoney-ui was found to contain malicious code...
Malicious code in datatables-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac14c14a0e1472b84944a2153607fa90a3d074098be58d2f6ffe586a5bf80846 The package datatables-editor was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192522 Malicious code in elf-stats-peppermint-wishlist-307 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe62a90e39574207020ca4b713b10ebbc5f218dc93626332919f90826a58040b The package elf-stats-peppermint-wishlist-307 was found to contain malicious code...
Malicious code in libxmlussr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d94a22bb719650fe5b9629ed1918677f55f3a0719b015bd7851920bd36fbb05 The package libxmlussr was found to contain malicious code...
MAL-2025-192454 Malicious code in libxmlfinal5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75640235a927670445888fa0c679048cdc7ebe626bc9e046817570b83669cc3 The package libxmlfinal5 was found to contain malicious code...
Malicious code in libxmlfinal4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41a78ad1712a21fd085e3a8188b1e5522b8140cdc8b562d5ff933ceefe923f6 The package libxmlfinal4 was found to contain malicious code...
MAL-2025-192333 Malicious code in elf-stats-lanternlit-saddlebag-279 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1fe295c9017f7da0ef4b1fe47a7a422c26c794229397b63d9ea7711f26a4591 The package elf-stats-lanternlit-saddlebag-279 was found to contain malicious code...
MAL-2025-192284 Malicious code in elf-stats-sprucey-fireplace-355 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 164ecc7e7d859834f4c5c8e0da6104968a639d74eb7f89af69b1e593e4a01207 The package elf-stats-sprucey-fireplace-355 was found to contain malicious code...
MAL-2025-192266 Malicious code in elf-stats-silvered-star-676 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23e0c5d80322f4f7966732f58a94943b3edfd619151b911456c0e5bdd1be3820 The package elf-stats-silvered-star-676 was found to contain malicious code...
MAL-2025-192258 Malicious code in stats-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81d8d8781451e304c1c297f470171e086759a549dd97d397c6f87847c7e1417d The package stats-engine was found to contain malicious code...
MAL-2025-192204 Malicious code in elf-stats-caroling-mailbag-397 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10d811ea5474fbfe51531052a2979920060c4b3290c0386b0ab497fbfb4ed020 The package elf-stats-caroling-mailbag-397 was found to contain malicious code...