Development & Open Source
Software development and open source follows supply chain, dependencies, tooling, repositories and code security. The cluster highlights vulnerabilities, updates and useful practices for developers and maintainers.

Edgecution: Malicious Edge Extension Bypasses Sandbox via Native Messaging
Zscaler ThreatLabz documents a campaign where the Edgecution extension abuses Chrome's Native Messaging API to escape the browser sand…

Unraid: Command Injection in ToggleState.php Enables RCE
CVE-2026-9773 in the Unraid web server: command injection in ToggleState.php allows authenticated remote code execution. CVSS 8.8, fix…

Linux Process Masquerading Tricks ps and top
On Linux, malicious processes mask their name and command line by abusing prctl and argv memory overwrites. Standard tools like ps and…

The Fake kworker: How APTs Masquerade Linux Processes
Ps and top become unreliable: APTs overwrite argv[0] and use prctl to impersonate kworker. eBPF tools like Kunai detect the real binar…

GitHub Hardens Actions Checkout Against Pwn Request Attacks
GitHub ships actions/checkout v7 with default blocking for malicious forks. Workflows pinned to a specific SHA remain exposed — here's…

OpenAI Shifts the Remediation Paradox: From Finding Bugs to Patching Them
OpenAI releases GPT-5.5-Cyber and the Patch the Planet initiative. AI has solved vulnerability discovery, creating a larger problem: t…

DifyTap: Four CVEs Expose Broken Cross-Tenant Isolation in Dify
Zafran Security disclosed DifyTap, four vulnerabilities in Dify that allowed cross-tenant reading of conversations and files. Three we…

Samsung rlottie: RCE via Integer Truncation, Open-Source Patch Available
A short-vs-int type error in Samsung's rlottie graphics library enables remote code execution through a malicious animation file. A pa…

Atril RCE via EPUB: Patch Available Nine Days Before Disclosure
ZDI-26-360: A heap buffer overflow in the MATE Desktop's Atril document viewer enables remote code execution through malicious EPUB fi…

iOS AI Apps: 282 Exposed, Only 28% Fixed
Wake Forest study finds 282 of 444 analyzed iOS LLM apps leak API credentials. After 90 days of responsible disclosure, just 28% remed…

systemd 261: Software TPM and Native Installer Rewrite the Rules
systemd 261 expands the project's scope well beyond its traditional init system role, introducing a software TPM based on IBM swtpm, a…

Microsoft Attributes Mastra Supply-Chain Attack to North Korean Sapphire Sleet
Microsoft assesses with high confidence that the supply-chain compromise of more than 140 @mastra npm packages was carried out by the…