Development & Open Source
Software development and open source follows supply chain, dependencies, tooling, repositories and code security. The cluster highlights vulnerabilities, updates and useful practices for developers and maintainers.

ChocoPoC RAT: How Fake PoCs on PyPI Infected Vulnerability Researchers
ChocoPoC, a Python RAT, spreads via GitHub repositories posing as proof-of-concept exploits that hide the payload in transitive PyPI d…

ClickFix Evolves Into a Platform: Analysis of 3,000 Payloads Reveals API-Driven Delivery
A researcher analyzed 3,000 live ClickFix payloads, uncovering an API-driven architecture, rotating cryptographic wrappers, and adopti…

Agentjacking: Fake Bug Report Hijacks AI Coding Agents, 85% Success Rate
Tenet Security researchers demonstrated on June 12, 2026 that a poisoned Sentry error report can hijack Claude Code, Cursor, and Codex…

Langflow RCE Exploited for Miner Worm: 19-Day Campaign
CVE-2026-33017: Commodity operators exploit exposed AI endpoints to deploy Lambsys, an SSH worm that compromises entire enterprise inf…

DarkMoon: Open-Source AI Pentesting at $10 a Scan — and the Hard Limit of Vendor LLM Classifiers
DarkMoon separates LLM reasoning from execution via MCP to bypass Anthropic's safety classifiers. At roughly $10 per web-app scan, the…

ZDI-26-397: Use-After-Free in X.Org Server Opens Door to Local Privilege Escalation
A Use-After-Free flaw in X.Org Server's CreateSaverWindow function (CVE-2026-50263) lets a local low-privilege attacker leak sensitive…

ZDI-26-393: Stack Buffer Overflow in X.Org Server XKB Subsystem Enables Local Root Escalation
The Zero Day Initiative disclosed ZDI-26-393 on June 24, 2026, detailing a local privilege escalation vulnerability in X.Org Server. A…

Masquerading Linux: When ps Lies and eBPF Exposes the Truth
A SANS ISC post demonstrates how prctl and argv overwriting make ps and top unreliable on Linux, and why only eBPF tools like Kunai ca…

Miasma: The Malware Turning npm Into a Developer Trap
Miasma compromised 109 npm packages and GitHub Actions using Phantom Gyp and the Bun runtime. It extracts CI/CD secrets from memory an…

CVE-2026-46331: Linux 'pedit COW' Exploit Gains Root in 24 Hours
A Linux kernel bug corrupts the page cache of setuid binaries such as /bin/su without touching disk, bypassing all integrity checks.

DirtyClone: The Fourth Variant in the DirtyFrag Family
CVE-2026-43503, the fourth variant in the DirtyFrag family, exploits cloned packets to corrupt file-backed memory. JFrog published a f…

Linux Foundation Launches Akrites: A Shared SIRT for Open Source Software
Akrites brings 19 tech giants under one shared SIRT for open source vulnerabilities. A 5% patch rate and Dolan's admission: the road a…