Nx Console VSCode Extension Hijacked: Act Now
The Nx Console VS Code extension was backdoored for 18 minutes on May 18. 6,000+ developers exposed. Here is what was stolen and ...
YellowKey & GreenPlasma: Two Windows Zero-Days With No Patch
A rogue researcher dropped two unpatched Windows zero-days — YellowKey bypasses BitLocker via USB; GreenPlasma ...
PraisonAI CVE-2026-44338: Auth Off by Default, Exploited Fast
CVE-2026-44338 left PraisonAI open to unauthenticated workflow execution. Attackers were scanning within 4 hours. Check ...
GitHub Breached via Malicious VS Code Extension (2026)
GitHub confirmed this week that a threat actor called TeamPCP exfiltrated approximately 3,800 internal repositories ...
NGINX Rift (CVE-2026-42945): Patch Now or Get Exploited
NGINX Rift is a critical heap buffer overflow actively exploited since May 16. Here is ...
Claude Managed Agents: MCP Tunnels and Self-Hosted Sandboxes
Anthropic shipped self-hosted sandboxes and MCP tunnels for Claude Managed Agents. Here's what each feature does, how they work, and what changes for ...
Rust Is Stable in Linux Kernel 7.0: What Devs Must Know
Linux kernel 7.0 dropped Rust experimental label in April 2026. Debian APT now requires Rust ...
CISA AWS GovCloud Keys Exposed on Public GitHub for 6 Months
A Nightwing contractor for CISA left AWS GovCloud credentials, plaintext passwords, and Artifactory access in ...
GitHub Actions pull_request_target Flaw Exposed Grafana Code
Grafana's private codebase was stolen via a GitHub Actions pull_request_target flaw. MITRE and Splunk had ...
Firebase Genkit 2.0: MCP Servers, Cloud Trace, and GA
Firebase Genkit 2.0 hits GA at Google I/O 2026 with native MCP server support, Cloud ...