⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...
CVE-2026-44009
creationtimestamp | type | source
---|---|---
2026-05-03 21:34:48+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm...
summary-awi-poc
Public proof-of-concept repository for valida...
CVE-2026-44641
creationtimestamp | type | source
---|---|---
2026-05-03 08:34:38+00:00 | published-proof-of-concept | https://github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwr...
Fedora 44 : GitPython (2026-9342da13e0)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9342da13e0 advisory. Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67. Tenable has extracted the preceding descriptio...
Malicious code in graphicsctxs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4786ca298bffb09916e622e06411ae44cb51c842a6eb9bf7bcf445c051463888 Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...
CVE-2026-44003
creationtimestamp | type | source
---|---|---
2026-05-01 20:44:52+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7...
CVE-2026-44002
creationtimestamp | type | source
---|---|---
2026-05-01 20:44:37+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw...
CVE-2026-44004
creationtimestamp | type | source
---|---|---
2026-05-01 20:43:52+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7...
CVE-2026-44005
creationtimestamp | type | source
---|---|---
2026-05-01 20:42:00+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq...
GHSA-5GVM-8X7G-H7XX vulnerabilities
Vulnerabilities for packages: linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...
GHSA-FCFJ-3H7Q-75MQ vulnerabilities
Vulnerabilities for packages: linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...
GHSA-V898-XG3C-W4RJ vulnerabilities
Vulnerabilities for packages: glibc...
CVE-2026-44426
creationtimestamp | type | source
---|---|---
2026-05-01 15:17:47+00:00 | published-proof-of-concept | https://github.com/shellhub-io/shellhub/security/advisories/GHSA-vwx9-7qcf-gg7f...
CVE-2026-41888
creationtimestamp | type | source
---|---|---
2026-05-01 14:27:56+00:00 | published-proof-of-concept | https://github.com/distribution/distribution/security/advisories/GHSA-6pjf-3r9x-m592...
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which h...
GHSA-MQQ7-WXX5-MP8H
creationtimestamp | type | source
---|---|---
2026-05-01 06:10:28+00:00 | seen | https://gist.github.com/alon710/63a0b9d45c1b8aff3ea39f384d9c8809...
CVE-2026-40893
creationtimestamp | type | source
---|---|---
2026-05-01 05:46:38+00:00 | published-proof-of-concept | https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4...
CVE-2026-44312
creationtimestamp | type | source
---|---|---
2026-05-01 03:40:10+00:00 | published-proof-of-concept | https://github.com/premailer/cssparser/security/advisories/GHSA-ff6c-w6qf-7xqc...
GHSA-48WR-P98V-9W5H vulnerabilities
Vulnerabilities for packages: ffmpeg...