infrastructure

16 articles

supply chain, TeamPCP, infrastructure, small business

Malware Got Pushed Directly to Microsoft's GitHub. Yours Could Be Next.

A single compromised account pushed malicious code to 42 repos across Microsoft and Azure GitHub orgs in under an hour. If you trust code because of who published it, that trust is now a liability.

Jun 4, 2026

CVE, infrastructure, remediation, SMB, file shares

CIFSwitch: Your Network File Shares Just Gave Someone Root

A 19-year-old flaw in how Linux handles SMB/CIFS file shares lets any local user become root. If your office uses shared drives on a Linux server, you need to patch today.

May 31, 2026

CVE, AI, remediation, infrastructure, CISA KEV

CVE-2026-42208: Your AI Gateway Has a SQL Injection. On the Auth Path.

LiteLLM, the proxy that manages your AI API keys, has a pre-auth SQL injection. CVSS 9.8. On CISA KEV. Exploited 36 hours after disclosure. Every API key it stores is compromised.

May 31, 2026

CVE, infrastructure, remediation

Redis Has a 13-Year-Old RCE Bug. CVSS 10. You're Probably Running It.

A use-after-free in Redis's Lua engine has been there since 2012. CVSS 10.0. Demonstrated at Pwn2Own. If your app uses Redis for caching or sessions, you need to check your version.

May 31, 2026

CVE, zero-day, remediation, infrastructure

Gogs Has a CVSS 9.4 Zero-Day With No Patch. A Metasploit Module Is Out.

Any user can get remote code execution on a Gogs server through a malicious branch name. The maintainer was told in March. It's still not fixed. There's a public exploit. Self-hosters, good luck.

May 29, 2026

CVE, GitHub, SSRF, infrastructure

CVE-2026-9312: GitHub Enterprise Server Has an SSRF. Yes, That GitHub.

An unauthenticated attacker can reach internal services and steal credentials through GitHub Enterprise Server. If GitHub can ship an SSRF, what's hiding in your infrastructure?

May 28, 2026

supply chain, TeamPCP, remediation, infrastructure

Someone Is Checking If Your GitHub Tokens Still Work. Right Now.

Mass automated validation of stolen GitHub PATs from bulletproof hosting. They're testing which tokens are live, what scopes they have, and triaging the valuable ones. Revoke your old tokens today.

May 27, 2026

CVE, infrastructure, remediation, Linux

CopyFail 3: Linux Root Through a Race Condition (Yes, Again)

The third Linux kernel privilege escalation in six weeks. This one steals your passwords and SSH keys on the way up. Working exploits are public. Patch now.

May 20, 2026

CVE, AI, infrastructure, remediation

vm2 Sandbox Escape: Your AI Agent's Code Runner Just Got Owned

Three CVEs. CVSS 10.0. The Node.js sandbox library used by AI agents, online code runners, and plugin engines can be escaped with a WebAssembly trick. The sandbox was never safe.

May 17, 2026

threat actor, cloud, infrastructure, Docker, Kubernetes, small business

TeamTNT Is Scanning for Your Cloud Right Now

They've been hijacking Docker containers, Kubernetes clusters, and cloud credentials since 2019. If you run anything in the cloud -- and you almost certainly do -- TeamTNT is looking for the door you left open.

May 11, 2026

infrastructure, CI/CD, small business, remediation

Your Jenkins Server Joined a Botnet. You Probably Haven't Noticed.

Attackers are recruiting internet-exposed Jenkins servers into DDoS botnets using default credentials and built-in script consoles. Your CI server has high bandwidth, elevated privileges, and nobody watching it.

May 9, 2026

CVE, infrastructure, remediation, CISA KEV

Dirty Frag: The Second Linux Root Exploit in Two Weeks

Two new kernel vulnerabilities chain together for race-free root on every major distro. Exploited within 24 hours of disclosure. Same primitive class as Dirty Pipe and CopyFail. Patch your servers.

May 8, 2026

CVE, infrastructure, remediation, CISA KEV

CVE-2026-31431: 732 Bytes Gets You Root on Every Linux Distro

A 9-year-old kernel bug. 732-byte exploit. Works identically on Ubuntu, RHEL, Debian, Fedora, Amazon Linux. No race condition needed. On CISA KEV. Patch your servers.

May 1, 2026

supply chain, AI, small business, infrastructure, Vercel

Vercel Got Breached Through an AI Tool. Your SaaS Vendors Are Next.

An infostealer at a third-party AI company led to Vercel customer secrets being exposed. The attack chain: AI tool employee gets malware, attacker pivots to Vercel, customer API keys and DB credentials decrypted. Two months undetected.

Apr 20, 2026

infrastructure, network security, zero-day

China Hacked All Four Singapore Telecoms. The Operation Took 11 Months to Clean Up.

UNC3886 used zero-days and rootkits to breach every major telecom provider in Singapore. The government ran an 11-month counteroperation called CYBER GUARDIAN. If state actors can own an entire country's telecom, what chance does your business have without help?

Feb 11, 2026

CVE, zero-day, infrastructure, CISA KEV

Ivanti Zero-Days Breached Four Governments Before Anyone Got a Patch

The Dutch data authority. The European Commission. Finland. The Council for the Judiciary. All breached through Ivanti EPMM zero-days. CVSS 9.8. If you manage mobile devices with Ivanti, check your version now.

Feb 3, 2026