Development & Open Source
This cluster covers software development and open source: supply-chain security, dependencies, tooling, repositories and code security. It highlights vulnerabilities, updates and useful practices for developers and maintainers.

SI-CERT: How a 13-Person Team Manages 6,000 Annual Incidents
Slovenia’s national CSIRT, SI-CERT, processes 6,000 cyber incidents annually with a core staff of just 13. By deploying a specialized…

Gitea Bug Exposed Private Container Images for Four Years
CVE-2026-27771: A critical flaw in Gitea’s container registry left approximately 31,750 instances vulnerable for nearly four years. Di…

DNS-AID: Linux Foundation Launches Decentralized Discovery for AI Agents
The Linux Foundation has launched DNS-AID, an open-source protocol that leverages existing DNS infrastructure to enable decentralized…

Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability
Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…

CIFSwitch: Linux Kernel Bug Grants Root Access on CentOS and Rocky Linux
CIFSwitch enables local privilege escalation to root across multiple Linux distributions. While a public PoC is available and an upstr…

7-Zip CVE-2026-48095: NTFS Heap Overflow Enables Vtable Hijacking
A critical heap buffer overflow in 7-Zip 26.00 allows for Remote Code Execution (RCE) via specially crafted NTFS files, regardless of…

Docker Desktop ECI Flaw: High-Severity LPE Vulnerability Enables Container Escapes
A vulnerability in Docker Desktop’s Enhanced Container Isolation (ECI) allows for local privilege escalation with a CVSS score of 8.8.…

TrapDoor Campaign Targets Crypto and AI Developers via 34+ Malicious Packages
The TrapDoor campaign deployed credential-stealing malware across npm, PyPI, and Crates.io, exfiltrating crypto wallets and weaponizin…

GitLab 19.0 Debuts Native Secrets Management and Air-Gapped AI
GitLab 19.0 integrates native secrets management, agentic merge request workflows, and self-hosted AI models, reinforcing its 'single…

Unit 42: Frontier AI Models Exploiting Open-Source Transparency to Automate Supply Chain Attacks
Frontier AI models are demonstrating the autonomous reasoning required to identify vulnerabilities in open-source code and orchestrate…

CVE-2026-46333: Nine-Year-Old Linux Kernel Flaw Enables Root Escalation
Qualys researchers have disclosed CVE-2026-46333, a Linux kernel vulnerability dormant since 2016 that enables local privilege escalat…

GitHub: 3,800 Internal Repos Exfiltrated via Trojanized VS Code Extension
GitHub has confirmed the theft of approximately 3,800 internal repositories after an employee installed a trojanized version of the Nx…