Drupal CVE-2026-9082: Patch Now or Get Owned
Drupal's highly critical SA-CORE-2026-004 (CVE-2026-9082) is a no-auth SQL injection on PostgreSQL sites. Patch to 11.3.10 or 10.6.9 today before exploits ship.
Nx Console VSCode Extension Hijacked: Act Now
The Nx Console VS Code extension was backdoored for 18 minutes on May 18. 6,000+ ...
YellowKey & GreenPlasma: Two Windows Zero-Days With No Patch
A rogue researcher dropped two unpatched Windows zero-days — YellowKey bypasses BitLocker via USB; GreenPlasma ...
PraisonAI CVE-2026-44338: Auth Off by Default, Exploited Fast
CVE-2026-44338 left PraisonAI open to unauthenticated workflow execution. Attackers were scanning within 4 hours. Check ...
GitHub Breached via Malicious VS Code Extension (2026)
GitHub confirmed this week that a threat actor called TeamPCP exfiltrated approximately 3,800 internal repositories ...
NGINX Rift (CVE-2026-42945): Patch Now or Get Exploited
NGINX Rift is a critical heap buffer overflow actively exploited since May 16. Here is what triggers it, how to patch, and what ...
Claude Managed Agents: MCP Tunnels and Self-Hosted Sandboxes
Anthropic shipped self-hosted sandboxes and MCP tunnels for Claude Managed Agents. Here's what each feature ...
Rust Is Stable in Linux Kernel 7.0: What Devs Must Know
Linux kernel 7.0 dropped Rust experimental label in April 2026. Debian APT now requires Rust ...
CISA AWS GovCloud Keys Exposed on Public GitHub for 6 Months
A Nightwing contractor for CISA left AWS GovCloud credentials, plaintext passwords, and Artifactory access in ...
GitHub Actions pull_request_target Flaw Exposed Grafana Code
Grafana's private codebase was stolen via a GitHub Actions pull_request_target flaw. MITRE and Splunk had ...