TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon...

Palo Alto Prisma Access Agent 24.x / 25.x / 26.x < 26.2.1 Multiple Vulnerabilities

The version of Palo Alto Networks Prisma Access Agent installed on the remote host is 24.x, 25.x, or 26.x prior to 26.2.1. It is, therefore, affected by multiple vulnerabilities: - Multiple information disclosure vulnerabilities allow a local user to access sensitive configuration data and...

CVE-2026-8517

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-8543

Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-8587

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-8564

Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-30458

Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-8536

CVE-2026-8536 affects Google Chrome on Mac, through the ReadingMode component in Chromium. Root cause: insufficient validation of untrusted input, enabling a renderer-compromised remote attacker to bypass Site Isolation via a crafted HTML page. The Chrome update released to 148.0.7778.167/168 fix...

CVE-2026-8536

Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-8517

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

MAL-2026-3774 Malicious code in ts-build-optimize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51c637ab7c13ca2f592502f3444ebb24b291422b6388563d04fb8f7ae9030d5a The package masquerades as a TypeScript helper library README is lifted from Microsoft's tslib and references --importHelpers, extends, assign, and a...

Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS

Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords...

CVE-2026-28958

A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require...

CVE-2026-28904

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4:...

PT-2026-41116

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description A use after free issue exists in Extensions, where a use after free occurs when memory is accessed after it has been freed by the system. This allows an attacker to execute...

Palo Alto GlobalProtect App MacOS 6.0.x < 6.0.13 / 6.2.x < 6.2.8-h10 / 6.3.x < 6.3.3-h9 Improper Certificate Validation (CVE-2026-0249)

The version of Palo Alto GlobalProtect App installed on the remote macOS host is 6.0.x prior to 6.0.13, 6.2.x prior to 6.2.8-h10, or 6.3.x prior to 6.3.3-h9. It is, therefore, affected by an improper certificate validation vulnerability: - Multiple improper certificate validation vulnerabilities ...

Palo Alto GlobalProtect App 6.0.x < 6.0.13 / 6.2.x < 6.2.8-h10 / 6.3.x < 6.3.3-h9 Multiple Vulnerabilities

The version of Palo Alto GlobalProtect App installed on the remote host is 6.0.x prior to 6.0.13, 6.2.x prior to 6.2.8-h10, or 6.3.x prior to 6.3.3-h9. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that...

Google Chrome < 148.0.7778.167 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 148.0.7778.167. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop12 advisory. - Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.16...

EUVD-2026-30097

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code an...

EUVD-2026-30102

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative...