4 matches found
GHSA-F8Q5-H5QH-33MH xygeni-action v5 tag poisoned with C2 backdoor
Description On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the...
Akamai Block Storage Makes Block Disk Encryption the Default in Terraform
Learn about the early 2026 Terraform update, how the change will affect your workflow, and how to successfully navigate any issues that may arise...
CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...
A Hardware Privacy Monitor for iPhones
Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a...