CVE-2026-48907: Joomla JCE RCE Is Actively Exploited — Patch Now
CISA flagged CVE-2026-48907 in Joomla Content Editor as actively exploited. CVSS 10.0, no auth required. How to patch JCE to 2.9.99.6 and check ...
15 JetBrains Plugins Stole AI API Keys — 70,000 Installs
Aikido Security found 15 malicious JetBrains Marketplace plugins that silently stole OpenAI and DeepSeek API ...
GitHub Agentic Workflows Is in Public Preview Now
GitHub Agentic Workflows hit public preview June 11. Write CI automation in Markdown, compile to ...
LiteLLM CVE Chain: A Default User Account Becomes Full Server Access
Three vulnerabilities chain from a default LiteLLM user to full RCE. CISA confirmed active exploitation ...
GrapheneOS Ported to Android 17: What Changes Now
GrapheneOS has been ported to Android 17 with official releases coming soon. Here's what the ...
144 Mastra npm Packages Backdoored: What to Check Right Now
144 @mastra npm packages were compromised today via a hijacked contributor account and typosquatted easy-day-js dependency. Run npm ls easy-day-js to check if ...
OpenAI Deployment Simulation: How OpenAI Predicts Model Behavior Before Release
OpenAI’s new Deployment Simulation method predicts how AI models will misbehave in production before they ...
Amazon Quick Launches With Free Tier, Desktop App, and MCP Server
Amazon Quick replaces Q Business with a free-tier agentic AI assistant, desktop app with local ...
GLM-5.2 on Cloudflare Workers AI: 1M Context, Open Weights
GLM-5.2 lands on Cloudflare Workers AI with a 1M-token context, function calling, and MIT open ...
Amazon Bedrock AgentCore: Deploy Agents in 4 Commands
Amazon Bedrock AgentCore handles the infrastructure tax killing your AI agent projects. Here's what it ...