SecurityWeek

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
Tech Times

Cisco SD-WAN Zero-Day Exploit: Mandiant Reveals Malicious CSV Opened Root Shell

Cisco SD-WAN zero-day CVE-2026-20245 was exploited months before disclosure: Mandiant reveals how a malicious CSV file ...

Apiiro Named a Leader in the Gartner® Magic Quadrant™ for Software Supply Chain Security

Apiiro, the Guardian Agent acting as the control plane for Agentic Development Security, today announced that it has been named a Leader in the inaugural Gartner® Magic Quadrant™ for Software Supply ...
Worthplaying

'Mortal Shell II' Open Beta Exceeds 500K+ Downloads

Mortal Shell II is a standalone sequel action/RPG with adrenaline-charged, high-stakes combat where you possess warrior ...

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact.
CSOonline

Microsoft feud escalates as researcher drops new Windows zero-day

The long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter. Eclipse, who has spent the past several months publicly releasing unpatched Windows ...
techtimes

Cisco Unified CM SSRF Flaw CVE-2026-20230: Public Exploit Code Opens Path to Root

Cisco disclosed a critical server-side request forgery vulnerability in its Unified Communications Manager platform on Wednesday, and by Thursday morning working proof-of-concept exploit code was ...
PC World

Unpatched Windows zero-day from 2020 gives hackers full system access

PCWorld reports that security researcher Nightmare-Eclipse discovered a critical Windows 11 vulnerability (CVE-2020-17103) that Microsoft supposedly patched in 2020 but remains exploitable. The flaw ...
Forbes

Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Microsoft confirms Exchange zero-day, CISA warns it's under active exploitation. Updated May ...
LinuxInsider

Dirty Frag Linux Vulnerability Raises New Root Access Risks

For the second time in two weeks, a significant privilege escalation vulnerability has been discovered in Linux. The vulnerability known as "Dirty Frag" enables escalation from an unprivileged user to ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and a new ...