253 matches found

EUVD · added 6 days ago · 9 views

EUVD-2026-38104

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

CVSS 8.1 · AI score 6.7 · EPSS 0.00662 · Exploits 0 · References 7
AstraLinux · added 2026/06/19 11:10 a.m. · 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevents attempts to reclaim poisoned pages TL;DR: In SGX, when pages are reclaimed, their contents are copied to secondary storage. SGX instructions do not properly handle machine checks. Nevertheless, existing SGX code...

CVSS 5.5 · AI score 6 · EPSS 0.00145 · Exploits 0 · References 2
AstraLinux · added 2026/06/19 11:10 a.m. · 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: Fixed the issue with VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoisoning memory. When I performed memory failure tests, the following panic occurred: Page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)). Kernel BUG at...

CVSS 7.1 · AI score 5.6 · EPSS 0.00143 · Exploits 0 · References 2
Microsoft Secure · added 2026/06/18 3:43 a.m. · 21 views

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

In this article 1. Attack chain overview 1. Discovery and initial indicators 2. Dependency injection: the poisoned package.json 3. Typosquat analysis: easy-day-js 4. Staged delivery pattern 5. Obfuscation and payload analysis 6. TLS bypass to self-deletion 7. Timeline analysis 2. Who is Sapphire...

AI score 6.9 · Exploits 0
The Hacker News · added 2026/06/09 9:13 a.m. · 15 views

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems...

AI score 6.2 · Exploits 0
RedhatCVE · added 2026/06/05 7:32 p.m. · 10 views

CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVSS 4.6 · AI score 5.5 · EPSS 0.00191 · Exploits 0 · References 1
RedhatCVE · added 2026/06/05 7:25 p.m. · 8 views

CVE-2026-44429

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...

CVSS 5.4 · AI score 5.3 · EPSS 0.00167 · Exploits 1 · References 1
RedhatCVE · added 2026/06/05 7:19 p.m. · 8 views

CVE-2026-5301

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

CVSS 7.6 · AI score 5.4 · EPSS 0.00276 · Exploits 0 · References 1
The Hacker News · added 2026/06/03 7:11 p.m. · 22 views

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term...

AI score 5.9 · Exploits 0
Cvelist · added 2026/05/28 4:10 p.m. · 28 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode...

CVSS 8.6 · EPSS 0.00297 · Exploits 1 · References 1
Vulnrichment · added 2026/05/28 4:10 p.m. · 6 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode...

CVSS 8.6 · AI score 6.1 · EPSS 0.00297 · Exploits 1 · References 1
CVE · added 2026/05/28 4:10 p.m. · 17 views

CVE-2026-44465

Zed IDE (prior to 0.227.1) is affected. Opening a folder that contains a malicious .git/config file abuses the core.fsmonitor Git configuration option, allowing an attacker to execute arbitrary commands and achieve Remote Code Execution when a user opens the folder in untrusted mode. The issue is...

CVSS 8.6 · AI score 6.1 · EPSS 0.00297 · Exploits 1 · References 1 · Affected Software 1
The Hacker News · added 2026/05/28 1:33 p.m. · 16 views

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile...

CVSS 9.8 · AI score 6.5 · EPSS 0.01437 · Exploits 1
Packet Storm News · added 2026/05/27 12:00 a.m. · 21 views

A Wolf in Sheep's Clothing: Targeted Routing Hijacking in Federated RAG

Federated Retrieval-Augmented Generation (FedRAG) is attractive for privacy-sensitive applications because raw data remain local. As a result, routing must rely on client-provided semantic profiles, creating a new opportunity for manipulation. We introduce Routing Hijacking, a routing-stage attack ...

AI score 5.8 · Exploits 0
The Hacker News · added 2026/05/21 4:27 a.m. · 18 views

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extensio...

AI score 5.9 · Exploits 0
Github Security Blog · added 2026/05/20 9:07 p.m. · 33 views

Investigation update: GitHub Enterprise Server signing key rotation

May 26, 2026: GitHub recently detected a cyber-attack and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. It's important to note that this investigation is still ongoing, and we will continue to...

AI score 5.8 · Exploits 0
AstraLinux · added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390/mm: The handling of VM_FAULT_HWPOISON in do_exception has been fixed. There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on s390. Therefore, we do not expect to see VM_FAULT_HWPOISON in do_exception. However, since...

CVSS 5.5 · AI score 5.6 · EPSS 0.00222 · Exploits 0 · References 2
AstraLinux · added 2026/05/20 5:53 a.m. · 5 views

Astra Linux - vulnerability in logback

A serialization vulnerability in the logback receiver component, as part of logback version 1.4.11, allows an attacker to carry out a Denial-of-Service attack by sending poisoned data...

CVSS 7.5 · AI score 6.8 · EPSS 0.009 · Exploits 0 · References 1
AstraLinux · added 2026/05/20 5:53 a.m. · 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: codetag: debug: mark codetags for poisoned page as empty When PG_hwpoison pages are freed, they are treated differently in free_pages_prepare. Instead of being released, they are isolated. The allocation tag counters are decremented...

CVSS 5.5 · AI score 5.6 · EPSS 0.00179 · Exploits 0 · References 2
Packet Storm News · added 2026/05/20 12:00 a.m. · 7 views

Detecting Trojaned DNNs Via Spectral Regression Analysis

Modern DNNs are repeatedly fine-tuned to incorporate new data and functionality. This evolutionary workflow introduces a security risk when updated data cannot be fully trusted, as adversaries may implant Trojans during fine-tuning. We present MIST, a Trojan detection approach that analyzes how a...

AI score 5.8 · Exploits 0