Development & Open Source
Software development and open source follows supply chain, dependencies, tooling, repositories and code security. The cluster highlights vulnerabilities, updates and useful practices for developers and maintainers.

Attack Surface 2026: 42% of Companies Have Databases Exposed to the Internet
Intruder's report on 3,000 organizations reveals the midmarket paradox: growing companies with enterprise-scale attack surfaces and SM…

X.Org Server UAF CVE-2026-34001: Local Root Escalation on Linux
ZDI-26-335 discloses a use-after-free in X.Org Server's SyncTriggerList: CVSS 7.8, local attack with no user interaction, X.Org patch…

Klue Breach: Dormant OAuth Credential Opens Multi-Victim Door to Salesforce
The Icarus extortion group exfiltrated CRM data from Klue customers by abusing stolen OAuth tokens. Cybersecurity vendor Huntress conf…

The 'robase' Malware Empties Entire Roblox Games: From Hat Theft to Digital Business Seizure
A malware campaign using the Python package 'robase' steals authenticated session tokens from Roblox developers via Discord social eng…

vbdec Disassembler Becomes Local AI Server via COM/ROT
Cisco Talos demonstrates how exposing vbdec's object model to the Windows Running Object Table enables local agentic automation withou…

MySQL Exposed at 26%: The 2026 Top 10 Attack Surface Exposures
Intruder's 2026 ASM Index reveals exposed databases and admin panels as primary vectors. Time-to-exploit has collapsed to a single day…

Malicious JetBrains Plugins Steal AI API Keys: 70,000 Downloads
A coordinated campaign of 15 malicious plugins on the JetBrains Marketplace exfiltrates AI API keys from developers' IDEs. Roughly 70,…

X.Org Server: Root LPE via XkbSetCompatMap; Patch Released
CVE-2026-33999 in X.Org Server enables local privilege escalation to root. Discovered by ZDI, the fix follows a coordinated disclosure…

ZDI-26-360: RCE Vulnerability in MATE’s Atril Document Viewer Patched in Version 1.26.4
A heap-based buffer overflow in the Atril EPUB parser (MATE Desktop) allows for remote code execution. The vulnerability is addressed…

ZDI-26-337: X.Org Server Vulnerability Enables Root Escalation on Linux
CVE-2026-34003 identifies a buffer overflow in the X.Org Server's CheckKeyTypes() function, allowing local privilege escalation to roo…

ZDI-26-336: X.Org Bug Exposes Sensitive Data, Enables Root Escalation
An out-of-bounds (OOB) read in X.Org Server’s CheckKeyActions allows local users to disclose sensitive memory. While the CVSS 6.1 scor…

Gogs Zero-Day RCE: CVSS 9.4 Critical Flaw Remains Unpatched After Two Months
A critical argument injection vulnerability in Gogs' git rebase functionality enables remote code execution. Despite disclosure to mai…