Technical - Application Security
Eyal Estrin
May 16
Supply Chain Compromise in node-ipc npm Package
The Supply Chain Strikes Again: Credential-Stealing Malware Hidden in node-ipc https://www.upwind.io/
Eyal Estrin
May 16
First public macOS kernel memory corruption exploit on Apple M5
https://blog.calif.io/p/first-public-kernel-memory-corruption
Eyal Estrin
May 16
Claw Chain: Cyera Research Unveil Four Chainable Vulnerabilities in OpenClaw
https://www.cyera.com/blog/claw-chain-cyera-research-unveil-four-chainable-vulnerabilities-in-
Eyal Estrin
May 15
Yarbo - NAT In My Back Yard
https://github.com/Bin4ry/yarbo-nat-in-my-back-yard
Eyal Estrin
May 15
OpenAI confirms security breach in TanStack supply chain attack
https://www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-
Eyal Estrin
May 14
TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack
https://orca.security/resources/blog/tanstack-npm-supply-chain-worm/
Eyal Estrin
May 14
Mystery Microsoft bug leaker keeps the zero-days coming
https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-
Eyal Estrin
May 12
Mythos finds a curl vulnerability
https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/
Eyal Estrin
May 12
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
Eyal Estrin
May 12
Official CheckMarx Jenkins package compromised with infostealer
https://www.bleepingcomputer.com/news/security/official-checkmarx-jenkins-package-compromised-with-
Eyal Estrin
May 11
CVE-2026-44843: One Chat Message Steals Your Credentials. Then It Gets Worse!
https://medium.com/@dewankpant/cve-2026-44843-one-chat-message-steals-your-credentials-then-it-gets-
Eyal Estrin
May 9
5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer
https://socket.dev/blog/5-malicious-nuget-packages-impersonate-chinese-ui-libraries
Eyal Estrin
May 9
CVE-2025-68670: discovering an RCE vulnerability in xrdp
https://securelist.com/cve-2025-68670/119742/
Eyal Estrin
May 8
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html
Eyal Estrin
May 8
Donuts and Beagles: Fake Claude site spreads backdoor
https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
Eyal Estrin
May 8
Reading Between the Pixels
Part 1: Assessing Prompt Injection Attack Success in Images https://blogs.cisco.com/ai/reading-
Eyal Estrin
May 8
React and Next.js Hit With 12 Security Flaws — Three Let Attackers Bypass Auth, Hijack Servers
https://www.cyberkendra.com/2026/05/react-and-nextjs-hit-with-12-security.html https://github.com/
Eyal Estrin
May 7
The Jenkins Threat Landscape
https://www.wiz.io/blog/jenkins-threat-risk-insights
Eyal Estrin
May 7
Secret scanning with GitHub MCP Server is now generally available
https://github.blog/changelog/2026-05-05-secret-scanning-with-github-mcp-server-is-now-generally-
Eyal Estrin
May 6
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
https://www.securityweek.com/whatsapp-discloses-file-spoofing-arbitrary-url-scheme-vulnerabilities/
Eyal Estrin
May 6
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html
Eyal Estrin
May 6
Critical Remote Memory Leak Vulnerability in Ollama (CVE-2026-7482)
Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama https://www.cyera.com/research/
Eyal Estrin
May 4
PyPI Fixes High-Severity Access Control Issues Found in Security Audit
https://socket.dev/blog/pypi-fixes-high-severity-issues-found-in-security-audit
Eyal Estrin
May 4
Is this the end? NHS is apparently shutting down most of its open-source repos. Here's why
https://www.neowin.net/news/is-this-the-end-nhs-is-apparently-shutting-down-most-of-its-open-source-
Eyal Estrin
May 4
Backdooring CODESYS Applications via Vulnerability Chaining
https://www.nozominetworks.com/blog/backdooring-codesys-applications-via-vulnerability-chaining
Eyal Estrin
May 4
Scammers vibecode server to verify stolen credit cards, leak details of 345K cards
https://cybernews.com/security/jerrys-store-vibecode-exposes-stolen-credit-cards/
Eyal Estrin
May 3
Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI
https://socket.dev/blog/malicious-ruby-gems-and-go-modules-steal-secrets-poison-ci
Eyal Estrin
May 1
Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud
https://www.aikido.dev/blog/pytorch-lightning-pypi-compromise-mini-shai-hulud
Eyal Estrin
Apr 30
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
https://arstechnica.com/information-technology/2026/04/why-a-recent-supply-chain-attack-singled-out-
Eyal Estrin
Apr 30
The State of Mobile App Security, 2026
https://www.quokka.io/blog/the-state-of-mobile-app-security-2026-report-findings