Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 ...

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain risks.

QR codes are widely used in entry and exit systems for various events to monitor the number of participants and ensure that ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

QCon London A member of Anthropic's AI reliability engineering team spoke at QCon London on why Claude excels at finding ...

Microsoft’s geospatial data service is designed to help research projects using public satellite and sensor information.

Semgrep, a leading code security company, today announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation.

A method for exfiltrating sensitive data from AI-powered code execution environments using domain name system (DNS) queries has been demonstrated by security researchers, highlighting potential risks ...