Quasar Linux RAT Targets Developer Credentials: Check Now
The QLNX Linux RAT targets developer dotfiles — npm tokens, AWS keys, kubeconfig — with an eBPF rootkit and 4/60 AV detection rate. ...
GitHub Actions 2026 Security Roadmap: Lock Your Pipeline
GitHub's 2026 Actions security roadmap ships dependency locking, a native Layer 7 egress firewall, and ...
Linux 7.0 io_uring: BPF Filtering Ends the Security Debate
Linux 7.0 adds BPF filtering to io_uring, closing the security gap that forced teams to ...
Ingress NGINX Is Dead — Migrate to Kubernetes Gateway API Now
kubernetes/ingress-nginx reached EOL on March 24, 2026. No more CVE patches. Use ingress2gateway 1.0 to ...
70% of Dev Teams Run AI Agents on the Wrong Infrastructure
Coder Agents launches in beta — a self-hosted, model-agnostic AI coding platform where source code, ...
TanStack Supply Chain Attack: Audit Your CI Now
84 malicious TanStack npm packages published in 6 minutes via GitHub Actions hijack. Check your lockfile, rotate credentials, and harden your CI now.
OpenAI Daybreak: AI Vulnerability Detection Is Now in Your Dev Pipeline
OpenAI Daybreak uses Codex Security to map attack paths, validate exploits in a sandbox, and ...
node-ipc Compromised: Rotate Your CI Secrets Now
node-ipc versions 9.1.6, 9.2.3, and 12.0.1 were compromised via an expired email domain. 90+ credential ...
Socket Raises $60M as AI Code Creates Supply Chain Crisis
Socket hit a $1B valuation blocking 1,000+ supply chain attacks weekly. Here’s why AI coding ...
Google API Keys Active 23 Minutes After Deletion — Won’t Fix
Deleted Google API keys stay active up to 23 minutes. Google closed the report as ...