CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company...

PT-2026-27428

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow is susceptible to an unauthenticated remote shell injection issue in GitHub Actions workflows. The issue stems from the unsanitized interpolation of GitHub context variables, such as $...

Langflow 操作系统命令注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Prior to Langflow 1.9.0, there was a vulnerability related to operating system command injection. This vulnerability stemmed from unauthenticated remote shell injections in...

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack

Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:58–16:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down...

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4,...

DuckDuckGo: RCE + Supply Chain Attack via pull_request_target in content-scope-scripts/semver-label.yml — Affects All DuckDuckGo Browsers

A vulnerability was discovered in the DuckDuckGo content-scope-scripts repository's GitHub Actions workflow. The workflow used the pullrequesttarget trigger without access controls, allowing untrusted code from fork pull requests to be checked out and executed. This could have led to remote code...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Command Injection

Overview zen-ai-pentest is an Advanced AI-Powered Penetration Testing Framework with Multi-Agent Orchestration Affected versions of this package are vulnerable to Command Injection via the Prepare Notification process in the GitHub Actions workflow. An attacker can execute arbitrary shell command...

GHSA-F67F-HCR6-94MF Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow

Summary The ZenClaw Discord Integration GitHub Actions workflow is vulnerable to shell command injection. The issue title field, controllable by any GitHub user, is interpolated directly into a run shell block via a GitHub Actions template expression. An attacker can craft an issue title containi...

Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow

Summary The ZenClaw Discord Integration GitHub Actions workflow is vulnerable to shell command injection. The issue title field, controllable by any GitHub user, is interpolated directly into a run shell block via a GitHub Actions template expression. An attacker can craft an issue title containi...

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and...

Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack

On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment...

CVE-2026-32946

A flaw was found in Harden-Runner, a security agent for GitHub Actions runners. An attacker with existing code execution capabilities within a GitHub Actions workflow can bypass network egress policies, which are security measures designed to control outbound network connections. This bypass occu...

CVE-2026-32947

A flaw was found in Harden-Runner. A remote attacker with existing code execution within a GitHub Actions workflow could exploit a DNS over HTTPS DoH vulnerability to bypass network restrictions. This allows for the exfiltration of sensitive data by encoding it within DoH queries, which appear as...