Expired domain leads to supply chain attack on node-ipc npm package
A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The...
Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More
This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and security checks needed.
The post Vibe Coding...
The AWS AI Security Framework: Securing AI with the right controls, at the right...
TL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1...
OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack
OpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing certificates.
The post OpenAI...
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research...
CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
Corrected CVE title. This is an informational change only. - Read more
Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition - Read more
Jaguar Land Rover profit slumps after cyber attack
The financial impact of last year’s cyber attack on Jaguar Land Rover continues to be felt, with full-year sales and profits at the carmaker...
Developer withdraws plans for Perth datacentre after fierce community opposition
Three-storey GreenSquare datacentre in Hazelmere was to power cloud computing and the acceleration of AIGet our breaking news email, free app or daily news...
April 2026 CVE Landscape
In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded...
Latest article
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published. - Read more
Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2
Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh...
CVE-2026-42945: Imperva Customers Protected Against Critical NGINX Rewrite Module Vulnerability
TL;DR: Researchers recently disclosed CVE-2026-42945, a critical heap-based buffer overflow vulnerability affecting both NGINX Open Source and NGINX Plus. The flaw exists within the...
Expired domain leads to supply chain attack on node-ipc npm package
A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The...
