Laravel-Lang Supply Chain Attack: 700 Repos Poisoned — Rotate Now
A supply chain attack rewrote 233 Laravel-Lang Composer package versions via Git tag manipulation. If you installed after May 22, your credentials are ...
Quasar Linux RAT Targets Developer Credentials: Check Now
The QLNX Linux RAT targets developer dotfiles — npm tokens, AWS keys, kubeconfig — with ...
GitHub Actions 2026 Security Roadmap: Lock Your Pipeline
GitHub's 2026 Actions security roadmap ships dependency locking, a native Layer 7 egress firewall, and ...
Linux 7.0 io_uring: BPF Filtering Ends the Security Debate
Linux 7.0 adds BPF filtering to io_uring, closing the security gap that forced teams to ...
Ingress NGINX Is Dead — Migrate to Kubernetes Gateway API Now
kubernetes/ingress-nginx reached EOL on March 24, 2026. No more CVE patches. Use ingress2gateway 1.0 to ...
70% of Dev Teams Run AI Agents on the Wrong Infrastructure
Coder Agents launches in beta — a self-hosted, model-agnostic AI coding platform where source code, prompts, and model traffic never leave your network.
TanStack Supply Chain Attack: Audit Your CI Now
84 malicious TanStack npm packages published in 6 minutes via GitHub Actions hijack. Check your ...
OpenAI Daybreak: AI Vulnerability Detection Is Now in Your Dev Pipeline
OpenAI Daybreak uses Codex Security to map attack paths, validate exploits in a sandbox, and ...
node-ipc Compromised: Rotate Your CI Secrets Now
node-ipc versions 9.1.6, 9.2.3, and 12.0.1 were compromised via an expired email domain. 90+ credential ...
Socket Raises $60M as AI Code Creates Supply Chain Crisis
Socket hit a $1B valuation blocking 1,000+ supply chain attacks weekly. Here’s why AI coding ...