YellowKey & GreenPlasma: Two Windows Zero-Days With No Patch
A rogue researcher dropped two unpatched Windows zero-days — YellowKey bypasses BitLocker via USB; GreenPlasma escalates to SYSTEM. Here’s what to do now.
PraisonAI CVE-2026-44338: Auth Off by Default, Exploited Fast
CVE-2026-44338 left PraisonAI open to unauthenticated workflow execution. Attackers were scanning within 4 hours. Check ...
GitHub Breached via Malicious VS Code Extension (2026)
GitHub confirmed this week that a threat actor called TeamPCP exfiltrated approximately 3,800 internal repositories ...
NGINX Rift (CVE-2026-42945): Patch Now or Get Exploited
NGINX Rift is a critical heap buffer overflow actively exploited since May 16. Here is ...
Claude Managed Agents: MCP Tunnels and Self-Hosted Sandboxes
Anthropic shipped self-hosted sandboxes and MCP tunnels for Claude Managed Agents. Here's what each feature ...
Rust Is Stable in Linux Kernel 7.0: What Devs Must Know
Linux kernel 7.0 dropped Rust experimental label in April 2026. Debian APT now requires Rust too. Here is what changed, what you can ...
CISA AWS GovCloud Keys Exposed on Public GitHub for 6 Months
A Nightwing contractor for CISA left AWS GovCloud credentials, plaintext passwords, and Artifactory access in ...
GitHub Actions pull_request_target Flaw Exposed Grafana Code
Grafana's private codebase was stolen via a GitHub Actions pull_request_target flaw. MITRE and Splunk had ...
Firebase Genkit 2.0: MCP Servers, Cloud Trace, and GA
Firebase Genkit 2.0 hits GA at Google I/O 2026 with native MCP server support, Cloud ...
Python 3.15 Beta 1: Lazy Imports, JIT Gains, and Tachyon Are Locked In
Python 3.15 beta 1 is out and feature-frozen. Here's what landed: lazy imports with PEP ...