py-xss-scanner

Python Reflected XSS Scanner A command-l...

SUSE-SU-2026:2093-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" do...

State of SDLC Security 2026: How Risk Scales in Modern Development

Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security...

MAL-2026-4777 Malicious code in xct-x-ayoub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level init.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 configurable via PORT exposing...

GHSA-JF2Q-463C-6F52 androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)

Summary generateZipPath constructs zip entry names for collected APKs using device controlled content from extractFileName. Since extractFileName does not reject traversal sequences, the resulting zip entry name can contain ../. AndroidQF itself does not extract the zip it creates, but any forens...

MAL-2026-4216 Malicious code in polymarket-trader (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

MAL-2026-4430 Malicious code in @saidddddddddd/somethingelse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d Package ships multiple multi-file randomly-named JavaScript bundles at the tarball root dist/0wj8nina9p.js, dist/g2gldlcg6a.js, dist/k72k75nqjc.js,...

MAL-2026-4581 Malicious code in idlidosa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93244f4468caec1832fe03d87c7403d7ab1dac835f12605a35667acfd3b87c39 The package ships shared/keys.json containing 9 AES-256-GCM-encrypted Groq API keys. The decryption key is a fixed byte sequence 'pageai-pool-v2'...

Bridging the Cybersecurity Gap between Web2 and Web3 - an Incident-Based Analysis of Organizational and Application-Level Security Failures

The rapid adoption of Web3 infrastructures has led to a growing number of security incidents affecting cryptocurrency exchanges, custody services and blockchain-based platforms. While existing research predominantly focuses on vulnerabilities in smart contracts and blockchain protocols, a...

State of ransomware in 2026

With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026: New families continue to emerge, adopting...

HashiCorp Tooling 后置链接漏洞

HashiCorp Tooling is a series of software tools developed by HashiCorp Inc., aimed at infrastructure automation, cloud resource management, and security operations. Versions of HashiCorp Tooling prior to 0.42.0 contained a postback link vulnerability. This vulnerability stemmed from a sandbox pat...

PT-2026-40533

Name of the Vulnerable Software and Affected Versions protobufjs-cli versions prior to 1.2.1 protobufjs-cli versions prior to 2.0.2 Description The pbts command-line tool invokes JSDoc by constructing a shell command string from input file paths and executing it via child process.exec. File paths...

web-app-pentest-playbook

Web Application Pentest Playbook A structured methodology and...

MAL-2026-3323 Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

Astra Linux - уязвимость в firefox

Mitigation bypass in Web Compatibility: Tooling component. This vulnerability has been fixed in Firefox 143 and Thunderbird 143...

Astra Linux - уязвимость в xmltooling

Shibboleth XMLTooling before version 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allowed SSRF through a specially crafted KeyInfo element. This issue has been fixed, for example, in Shibboleth Service Provider 3.4.1.3 on Windows...

What’s new, updated, or recently released in Microsoft Security

New capabilities in Microsoft Agent 365; new Microsoft Defender and GitHub integration At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the ...

h2database-rce-poc

H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...

[SECURITY] Fedora 44 Update: qt6-qtgrpc-6.10.3-1.fc44

Protocol Buffers Protobuf is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies...