<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>CipherWatch — Software Development Security</title><description>Security intelligence covering Software Development Security: Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.</description><link>https://cipherwatch.io/</link><language>en-gb</language><item><title>Over 400 Arch Linux AUR Packages Poisoned with eBPF Rootkit in Coordinated Maintainer Compromise</title><link>https://cipherwatch.io/articles/2026-06-16-arch-linux-aur-400-packages-ebpf-rootkit-supply-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-16-arch-linux-aur-400-packages-ebpf-rootkit-supply-chain/</guid><description>More than 400 packages in the Arch Linux User Repository were compromised by an attacker who spoofed trusted maintainer identities to push malicious preinstall scripts. The scripts deploy an ELF infostealer harvesting developer credentials and an optional eBPF rootkit that persists across package removal attempts.</description><pubDate>Tue, 16 Jun 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>arch-linux</category><category>rootkit</category><category>ebpf</category><category>linux</category><category>developer-credentials</category></item><item><title>Miasma / Shai Hulud Supply Chain Campaign: 100+ npm and PyPI Packages Compromised Including Red Hat Namespace</title><link>https://cipherwatch.io/articles/2026-06-14-miasma-shai-hulud-npm-pypi-supply-chain-100-packages/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-14-miasma-shai-hulud-npm-pypi-supply-chain-100-packages/</guid><description>Security researchers have attributed a coordinated software supply chain attack to a threat cluster tracked as Miasma (also Shai Hulud), which compromised over 100 packages across npm and PyPI by stealing publisher credentials and injecting malicious code. 
The campaign reached the official Red Hat npm namespace, exposing organisations that rely on internal package mirror strategies as a security control.</description><pubDate>Sun, 14 Jun 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>npm</category><category>pypi</category><category>miasma</category><category>shai-hulud</category><category>package-manager</category><category>credential-theft</category><category>red-hat</category><category>oss-security</category></item><item><title>The AI Infrastructure Security Deficit: Langflow, LiteLLM, and a Repeating Pattern</title><link>https://cipherwatch.io/articles/2026-06-12-ai-infrastructure-security-pattern-2026/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-12-ai-infrastructure-security-pattern-2026/</guid><description>Two AI infrastructure components — Langflow and LiteLLM — have reached the CISA Known Exploited Vulnerabilities catalogue in June 2026, both with command injection vulnerabilities in Python-based AI tooling. 
The pattern reflects a systemic gap: AI infrastructure is being deployed in enterprise environments under procurement and security processes designed for end-user applications, not for server-side infrastructure with network-accessible APIs.</description><pubDate>Fri, 12 Jun 2026 00:00:00 GMT</pubDate><category>ai-infrastructure</category><category>langflow</category><category>litellm</category><category>cve-2026-5027</category><category>cve-2026-42271</category><category>command-injection</category><category>python</category><category>cisa-kev</category><category>developer-security</category><category>ai-security</category></item><item><title>Langflow CVE-2026-5027 Exploitation Accelerates: AI Workflow Builder&apos;s Path Traversal RCE Under Active Attack</title><link>https://cipherwatch.io/articles/2026-06-10-langflow-cve-2026-5027-exploitation-ai-workflow/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-10-langflow-cve-2026-5027-exploitation-ai-workflow/</guid><description>Exploitation of CVE-2026-5027 in Langflow, the AI workflow builder, has intensified following public PoC release. The path traversal remote code execution vulnerability, added to CISA&apos;s KEV on 8 June, is being used to deploy credential stealers and post-exploitation agents against organisations running unsecured Langflow instances. 
Upgrade to Langflow 1.3.5 immediately.</description><pubDate>Wed, 10 Jun 2026 00:00:00 GMT</pubDate><category>langflow</category><category>cve-2026-5027</category><category>ai-infrastructure</category><category>rce</category><category>path-traversal</category><category>cisa-kev</category><category>actively-exploited</category><category>python</category><category>ai-workflow</category><category>llm</category></item><item><title>Veeam Backup &amp; Replication CVE-2026-44963 (CVSS 9.4): Domain Users Can Execute Remote Code on Backup Infrastructure</title><link>https://cipherwatch.io/articles/2026-06-10-veeam-backup-replication-cve-2026-44963-rce/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-10-veeam-backup-replication-cve-2026-44963-rce/</guid><description>Veeam has patched CVE-2026-44963, a CVSS 9.4 remote code execution vulnerability in Veeam Backup &amp; Replication that allows any domain user to execute arbitrary code on the Veeam backup server. The vulnerability exploits insufficient authorisation in the Veeam Backup Service API. 
Organisations using Veeam in Active Directory environments should apply the patch immediately.</description><pubDate>Wed, 10 Jun 2026 00:00:00 GMT</pubDate><category>veeam</category><category>backup</category><category>cve-2026-44963</category><category>rce</category><category>domain-users</category><category>active-directory</category><category>ransomware</category><category>backup-security</category><category>cvss-9-4</category></item><item><title>CVE-2026-42271: BerriAI LiteLLM Command Injection Reaches CISA KEV — AI Infrastructure Under Attack</title><link>https://cipherwatch.io/articles/2026-06-08-litellm-cve-2026-42271-ai-infrastructure-cisa-kev/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-08-litellm-cve-2026-42271-ai-infrastructure-cisa-kev/</guid><description>CISA added CVE-2026-42271 in BerriAI LiteLLM to the Known Exploited Vulnerabilities catalogue on 8 June, confirming active exploitation of a command injection vulnerability that allows API keys with limited privileges to execute arbitrary commands on the LiteLLM host. Organisations running LiteLLM as an AI gateway should update to v1.83.7-stable immediately.</description><pubDate>Mon, 08 Jun 2026 00:00:00 GMT</pubDate><category>litellm</category><category>cve-2026-42271</category><category>ai-infrastructure</category><category>command-injection</category><category>cisa-kev</category><category>api-security</category><category>llm-gateway</category><category>actively-exploited</category></item><item><title>VS Code Adds Two-Hour Extension Auto-Update Delay to Reduce Supply Chain Attack Window</title><link>https://cipherwatch.io/articles/2026-06-08-vscode-extension-2hr-update-delay-supply-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-08-vscode-extension-2hr-update-delay-supply-chain/</guid><description>Microsoft has released VS Code 1.101 with a configurable two-hour delay on automatic extension updates. 
The change is a direct response to supply chain attacks in which malicious updates were pushed to popular extensions, executing on developer machines within minutes of publication. The delay gives security teams a detection window before malicious updates execute across the developer fleet.</description><pubDate>Mon, 08 Jun 2026 00:00:00 GMT</pubDate><category>vscode</category><category>supply-chain</category><category>extension-security</category><category>developer-tools</category><category>microsoft</category><category>update-delay</category><category>ci-cd</category><category>devops-security</category></item><item><title>Magento Extension Supply Chain Risk: CVE-2026-45247 and the Third-Party Plugin Attack Surface</title><link>https://cipherwatch.io/articles/2026-06-04-magento-php-extension-supply-chain-risk/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-04-magento-php-extension-supply-chain-risk/</guid><description>CVE-2026-45247 in the Mirasvit Full Page Cache Warmer illustrates a structural security problem in the Magento ecosystem: eCommerce site security is determined not just by the core platform version, but by every third-party extension installed. 
This guide covers how to assess and reduce the Magento extension attack surface.</description><pubDate>Thu, 04 Jun 2026 00:00:00 GMT</pubDate><category>magento</category><category>php</category><category>supply-chain</category><category>cve-2026-45247</category><category>extension-security</category><category>ecommerce</category><category>dependency-management</category><category>deserialization</category></item><item><title>CVE-2026-45247: CISA Adds Mirasvit Magento Cache Warmer RCE to KEV — Unauthenticated PHP Deserialization Exploited in Wild</title><link>https://cipherwatch.io/articles/2026-06-03-mirasvit-magento-cve-2026-45247-rce-cisa-kev/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-03-mirasvit-magento-cve-2026-45247-rce-cisa-kev/</guid><description>CISA added CVE-2026-45247 to the Known Exploited Vulnerabilities catalogue on 3 June, confirming active exploitation of a CVSS 9.8 PHP deserialization vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento 2. Attackers exploit a malicious serialised cookie value to execute arbitrary code without authentication. 
The patch has been available since 25 May; organisations running Mirasvit FPC Warmer must update immediately.</description><pubDate>Wed, 03 Jun 2026 00:00:00 GMT</pubDate><category>magento</category><category>mirasvit</category><category>cve-2026-45247</category><category>php-deserialization</category><category>rce</category><category>cisa-kev</category><category>ecommerce</category><category>actively-exploited</category></item><item><title>ServiceNow API Security Configuration: Access Controls, ACLs, and Endpoint Hardening to Prevent Zero-Auth Exposure</title><link>https://cipherwatch.io/articles/2026-06-02-servicenow-api-security-configuration-access-controls/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-06-02-servicenow-api-security-configuration-access-controls/</guid><description>The ServiceNow API breach highlights the risk of zero-auth API endpoint exposure in SaaS ITSM platforms. ServiceNow&apos;s platform provides granular access control mechanisms — ACLs, application scope policies, and API gateway controls — that, if properly configured, limit the blast radius of similar incidents. 
This guide covers the core security configuration for ServiceNow REST APIs.</description><pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate><category>servicenow</category><category>api-security</category><category>access-control</category><category>acl</category><category>itsm</category><category>saas-security</category><category>configuration</category><category>hardening</category></item><item><title>CISA Adds Three Developer Toolchain Supply-Chain Attacks to KEV — DAEMON Tools, TanStack Query, Nx Console Compromised</title><link>https://cipherwatch.io/articles/2026-05-27-cisa-kev-daemon-tools-tanstack-nx-console-supply-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-27-cisa-kev-daemon-tools-tanstack-nx-console-supply-chain/</guid><description>CISA added three software supply-chain vulnerabilities to the Known Exploited Vulnerabilities catalogue on 27 May: CVE-2026-8398 (DAEMON Tools signed installer trojanised), CVE-2026-45321 (TanStack Query malicious npm package), and CVE-2026-48027 (Nx Console VS Marketplace extension backdoored). 
All three are attributed to TeamPCP&apos;s &apos;Mini Shai-Hulud&apos; campaign targeting developer workstations.</description><pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate><category>cisa-kev</category><category>supply-chain</category><category>teampcp</category><category>daemon-tools</category><category>tanstack</category><category>nx-console</category><category>developer-toolchain</category><category>npm</category><category>vs-marketplace</category></item><item><title>TeamPCP &apos;Mini Shai-Hulud&apos;: Inside the Developer Toolchain Attack Campaign Now on CISA KEV</title><link>https://cipherwatch.io/articles/2026-05-27-teampcp-mini-shai-hulud-developer-toolchain-campaign/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-27-teampcp-mini-shai-hulud-developer-toolchain-campaign/</guid><description>TeamPCP&apos;s simultaneous compromise of three developer toolchain components — a code-signed installer, an npm package, and a VS Code extension — follows a refined methodology the group has been developing across multiple 2026 campaigns. 
The technical approach explains why these attacks reach environments that are otherwise well-defended.</description><pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate><category>teampcp</category><category>supply-chain</category><category>developer-security</category><category>npm</category><category>vs-code</category><category>signed-installer</category><category>credential-theft</category><category>dprk</category></item><item><title>WishList Member WordPress Plugin: Four CVSS 8.8 Vulnerabilities Enable Subscriber-to-Admin Escalation on 100,000+ Sites</title><link>https://cipherwatch.io/articles/2026-05-23-wishlist-member-wordpress-four-cvss88-privilege-escalation/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-23-wishlist-member-wordpress-four-cvss88-privilege-escalation/</guid><description>Wordfence published advisories for four CVSS 8.8 authorization failure vulnerabilities in WishList Member, a WordPress membership plugin with 100,000+ active installs, on 23 May 2026. Subscriber-level authenticated attackers can exploit the flaws to escalate to administrator access, read sensitive member data, and modify arbitrary site content. 
Patches are available.</description><pubDate>Sat, 23 May 2026 00:00:00 GMT</pubDate><category>wordpress</category><category>wishlist-member</category><category>membership-plugin</category><category>privilege-escalation</category><category>cve-2026-6419</category><category>cve-2026-6895</category><category>authorization-failure</category></item><item><title>Golang crypto/ssh Mass Advisory: Nine CVEs Including CVSS 10.0 Re-Opened SSH Auth Bypass Affect Enterprise DevOps Infrastructure</title><link>https://cipherwatch.io/articles/2026-05-22-golang-crypto-ssh-mass-advisory-cvss10-auth-bypass/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-22-golang-crypto-ssh-mass-advisory-cvss10-auth-bypass/</guid><description>The Go security team published a coordinated batch of nine CVE fixes for the golang.org/x/crypto SSH library on 22 May, including CVE-2026-46595 (CVSS 10.0), which re-opens a previously patched SSH authentication bypass for services using non-public-key authentication callbacks. Enterprise environments using Go-based SSH tooling, CI/CD pipelines, Kubernetes components, and cloud management tooling are affected.</description><pubDate>Fri, 22 May 2026 00:00:00 GMT</pubDate><category>golang</category><category>go</category><category>ssh</category><category>cryptography</category><category>cve-2026-46595</category><category>supply-chain</category><category>devops</category><category>kubernetes</category><category>cicd</category></item><item><title>SketchUp CVE-2026-9264: Malicious SKP File Delivers RCE via Embedded IE11 Browser — CVSS 9.3</title><link>https://cipherwatch.io/articles/2026-05-22-sketchup-cve-2026-9264-malicious-skp-rce-ie11/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-22-sketchup-cve-2026-9264-malicious-skp-rce-ie11/</guid><description>Trimble disclosed CVE-2026-9264, a CVSS 9.3 remote code execution vulnerability in SketchUp 2026, on 22 May. 
An attacker who convinces a user to open a crafted .skp file can achieve code execution and local file exfiltration via XSS in SketchUp&apos;s Dynamic Components feature, which renders HTML content using an embedded IE11 browser with full local file system access.</description><pubDate>Fri, 22 May 2026 00:00:00 GMT</pubDate><category>sketchup</category><category>cve-2026-9264</category><category>rce</category><category>ie11</category><category>xss</category><category>cad</category><category>architecture</category><category>engineering</category></item><item><title>ChromaDB CVSS 10.0 Pre-Auth RCE CVE-2026-45829: AI Vector Database Compromise via HuggingFace Model Injection</title><link>https://cipherwatch.io/articles/2026-05-20-chromadb-cve-2026-45829-cvss10-pre-auth-rce/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-20-chromadb-cve-2026-45829-cvss10-pre-auth-rce/</guid><description>HiddenLayer and the Cloud Security Alliance published disclosures of CVE-2026-45829, a CVSS 10.0 unauthenticated remote code execution vulnerability in ChromaDB&apos;s Python FastAPI server, on 18–20 May 2026. Attackers can inject malicious code via a crafted HuggingFace-hosted model before the authentication gate fires. Approximately 73% of ChromaDB deployments are internet-exposed. 
No patch exists for affected versions.</description><pubDate>Wed, 20 May 2026 00:00:00 GMT</pubDate><category>chromadb</category><category>vector-database</category><category>ai-security</category><category>cve-2026-45829</category><category>rce</category><category>huggingface</category><category>rag-pipeline</category><category>llm-security</category></item><item><title>Drupal SA-CORE-2026-004: Highly Critical SQL Injection CVE-2026-9082 — PostgreSQL Sites Must Patch Immediately</title><link>https://cipherwatch.io/articles/2026-05-20-drupal-sa-core-2026-004-sql-injection-cve-2026-9082/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-20-drupal-sa-core-2026-004-sql-injection-cve-2026-9082/</guid><description>Drupal published SA-CORE-2026-004 on 20 May, disclosing CVE-2026-9082, a highly critical unauthenticated SQL injection vulnerability in Drupal&apos;s database abstraction API affecting sites running PostgreSQL. The flaw is zero-click and unauthenticated, and Drupal warned that exploit code turnaround would be measured in hours. 
CISA added the CVE to the Known Exploited Vulnerabilities catalogue on 22 May after confirmed exploitation.</description><pubDate>Wed, 20 May 2026 00:00:00 GMT</pubDate><category>drupal</category><category>cms</category><category>sql-injection</category><category>cve-2026-9082</category><category>postgresql</category><category>web-security</category><category>critical-patch</category></item><item><title>AI Coding Agents in CI/CD Pipelines: Mapping the Attack Surface After Pwn2Own AI Category Results</title><link>https://cipherwatch.io/articles/2026-05-18-ai-agent-cicd-pipeline-access-attack-surface/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-18-ai-agent-cicd-pipeline-access-attack-surface/</guid><description>The Pwn2Own Berlin 2026 AI category results — five products exploited — have a compounding implication for organisations where AI coding agents are integrated with CI/CD pipelines, code repositories, and cloud deployment infrastructure. An exploited AI agent running in a pipeline is not a developer workstation compromise; it is a supply chain entry point.</description><pubDate>Mon, 18 May 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>cicd</category><category>supply-chain</category><category>developer-tools</category><category>pipeline-security</category><category>github-actions</category><category>devsecops</category></item><item><title>AI Coding Environments Join Pwn2Own Target List: LM Studio and OpenAI Codex Exploited via Sandbox Escapes</title><link>https://cipherwatch.io/articles/2026-05-16-ai-coding-environments-pwn2own-lm-studio-codex-exploited/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-16-ai-coding-environments-pwn2own-lm-studio-codex-exploited/</guid><description>Pwn2Own Berlin 2026 introduced an AI products category and saw both LM Studio and OpenAI Codex exploited on the same day through sandbox escapes and environment variable injection. 
The results raise urgent questions about the security of AI development tools running inside enterprise environments with access to code repositories, credentials, and production pipelines.</description><pubDate>Sat, 16 May 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>pwn2own</category><category>sandbox-escape</category><category>lm-studio</category><category>openai-codex</category><category>developer-tools</category><category>supply-chain</category></item><item><title>Burst Statistics WordPress Plugin Authentication Bypass Actively Exploited for Mass Site Takeovers</title><link>https://cipherwatch.io/articles/2026-05-14-burst-statistics-wordpress-auth-bypass-exploitation/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-14-burst-statistics-wordpress-auth-bypass-exploitation/</guid><description>Threat actors are actively exploiting an authentication bypass vulnerability in the Burst Statistics WordPress analytics plugin, allowing unauthenticated attackers to gain administrative access to any WordPress site with the plugin installed. Over 100,000 WordPress sites use Burst Statistics. 
Sites have been observed being defaced, backdoored, and redirected to malicious domains within hours of exploitation.</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><category>wordpress</category><category>authentication-bypass</category><category>burst-statistics</category><category>cms</category><category>mass-exploitation</category></item><item><title>OpenAI Confirms Developer Devices Breached via TanStack Supply Chain Attack — Code-Signing Certificates Rotated</title><link>https://cipherwatch.io/articles/2026-05-14-openai-tanstack-supply-chain-breach-certs-rotated/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-14-openai-tanstack-supply-chain-breach-certs-rotated/</guid><description>OpenAI confirmed that two developer devices were compromised as a result of the TanStack npm supply chain attack disclosed on 12 May, with malicious postinstall hooks executing on machines running npm install within the six-minute poisoning window. OpenAI rotated all affected code-signing certificates and npm tokens and is investigating whether any internal packages published using the compromised credentials were delivered downstream.</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><category>openai</category><category>tanstack</category><category>supply-chain</category><category>code-signing</category><category>credential-theft</category></item><item><title>Apple Releases Safari and WebKit Security Update Patching Memory Corruption and CSP Bypass Vulnerabilities</title><link>https://cipherwatch.io/articles/2026-05-13-apple-webkit-safari-security-update-csp-bypass/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-13-apple-webkit-safari-security-update-csp-bypass/</guid><description>Apple released a security update for Safari and WebKit on 13 May addressing more than ten vulnerabilities including memory corruption flaws enabling potential arbitrary code execution and a Content Security Policy bypass allowing 
cross-origin data access. The update applies to macOS Ventura, Sonoma, Sequoia, iOS, and iPadOS. Users should update immediately given WebKit&apos;s role as the rendering engine for all iOS browsers.</description><pubDate>Wed, 13 May 2026 00:00:00 GMT</pubDate><category>apple</category><category>webkit</category><category>safari</category><category>csp-bypass</category><category>memory-corruption</category></item><item><title>TanStack npm Supply Chain Attack: GitHub Actions OIDC Token Hijack Used to Publish 84 Malicious Package Versions</title><link>https://cipherwatch.io/articles/2026-05-12-tanstack-npm-oidc-hijack-supply-chain-attack/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-12-tanstack-npm-oidc-hijack-supply-chain-attack/</guid><description>Attackers exploited a GitHub Actions misconfiguration in the TanStack project to publish 84 malicious versions of popular React ecosystem packages to the npm registry. The attack chained a Pwn Request misconfiguration, workflow cache poisoning, and runtime OIDC token theft to operate under TanStack&apos;s trusted publisher identity.</description><pubDate>Tue, 12 May 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>npm</category><category>github-actions</category><category>oidc</category><category>tanstack</category></item><item><title>pnpm 11 Defaults to 24-Hour Package Age Minimum — Blocking Automated Post-Publish Supply Chain Attacks</title><link>https://cipherwatch.io/articles/2026-05-10-pnpm-v11-package-age-quarantine-supply-chain-defence/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-10-pnpm-v11-package-age-quarantine-supply-chain-defence/</guid><description>pnpm 11, released this week, introduces a package quarantine feature that by default blocks installation of any npm package published within the past 24 hours. 
The control targets the automated post-publish compromise pattern used by TeamPCP, CanisterSprawl, and similar supply chain threat actors who publish malicious package versions and immediately trigger mass installation before defenders can respond. It is the most substantive supply-chain-defensive default configuration added to a package manager since npm&apos;s provenance attestation.</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>pnpm</category><category>npm</category><category>supply-chain</category><category>package-manager</category><category>developer-security</category><category>open-source</category><category>dependency-management</category><category>security-defaults</category></item><item><title>Fake OpenAI Repository on Hugging Face Reached #1 Trending, Delivered Rust Infostealer to 244,000 Users</title><link>https://cipherwatch.io/articles/2026-05-09-fake-openai-huggingface-repo-rust-infostealer-244k/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-09-fake-openai-huggingface-repo-rust-infostealer-244k/</guid><description>A malicious repository impersonating an official OpenAI project reached the top trending position on Hugging Face before being removed — delivering a Rust-compiled infostealer to an estimated 244,000 users who executed the repository&apos;s loader script. The attack exploited Hugging Face&apos;s trending algorithm and the high trust developers place in repositories attributed to the OpenAI organisation. 
Affected users should rotate all credentials accessible from the compromised machine.</description><pubDate>Sat, 09 May 2026 00:00:00 GMT</pubDate><category>hugging-face</category><category>supply-chain</category><category>openai-impersonation</category><category>infostealer</category><category>rust-malware</category><category>ai-security</category><category>developer-security</category><category>credential-theft</category></item><item><title>JDownloader Official Download Site Hijacked to Serve Python RAT in Supply Chain Attack</title><link>https://cipherwatch.io/articles/2026-05-08-jdownloader-site-hijacked-python-rat-supply-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-08-jdownloader-site-hijacked-python-rat-supply-chain/</guid><description>The official JDownloader download site was compromised during a window of approximately 18 hours between 6 and 7 May 2026, with legitimate installer downloads replaced by a trojanised package delivering a Python-based remote access trojan. JDownloader is a popular open-source download manager with millions of users. 
Users who installed JDownloader during the compromise window should treat their system as compromised and perform immediate credential rotation and system remediation.</description><pubDate>Fri, 08 May 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>jdownloader</category><category>malware</category><category>python-rat</category><category>download-hijacking</category><category>installer-compromise</category><category>credential-theft</category></item><item><title>QLNX Linux RAT Harvests Developer Credentials to Enable Malicious Package Publishing on npm and PyPI</title><link>https://cipherwatch.io/articles/2026-05-08-qlnx-linux-rat-devops-credential-theft-npm-pypi/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-08-qlnx-linux-rat-devops-credential-theft-npm-pypi/</guid><description>Trend Micro researchers have identified QLNX (Quasar Linux), a Linux-targeting remote access trojan specifically designed to harvest developer credentials — npm tokens, PyPI upload credentials, AWS IAM keys, Docker registry credentials, and GitHub CLI tokens — from developer workstations. 
The harvested credentials are then used to publish malicious packages to npm and PyPI under the compromised developer&apos;s identity, enabling second-stage supply chain attacks against the developer&apos;s downstream users.</description><pubDate>Fri, 08 May 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>linux</category><category>developer-security</category><category>npm</category><category>pypi</category><category>credential-theft</category><category>rat</category><category>devops</category><category>package-registry</category></item><item><title>LiteLLM CVE-2026-42208 — SQL Injection in AI Gateway Proxy Added to CISA KEV</title><link>https://cipherwatch.io/articles/2026-05-07-litellm-cve-2026-42208-sql-injection-cisa-kev/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-07-litellm-cve-2026-42208-sql-injection-cisa-kev/</guid><description>CVE-2026-42208, a SQL injection vulnerability in the LiteLLM AI gateway proxy, has been added to the CISA Known Exploited Vulnerabilities catalogue following confirmed exploitation. LiteLLM is widely deployed in enterprise environments as a unified API layer routing requests to multiple LLM providers (OpenAI, Anthropic, Azure OpenAI, Bedrock). Exploitation allows an attacker to read and modify the LiteLLM database, including API keys, user records, and model configuration. 
Update to LiteLLM 1.42.2 immediately.</description><pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate><category>litellm</category><category>ai-infrastructure</category><category>sql-injection</category><category>cve</category><category>cisa-kev</category><category>llm</category><category>ai-gateway</category><category>enterprise-ai</category><category>api-security</category></item><item><title>vm2 Node.js Sandbox Escape CVE-2026-26956 — 1.3 Million Weekly Downloads, PoC Published</title><link>https://cipherwatch.io/articles/2026-05-06-vm2-nodejs-sandbox-escape-cve-2026-26956/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-06-vm2-nodejs-sandbox-escape-cve-2026-26956/</guid><description>A critical sandbox escape vulnerability in the vm2 Node.js sandboxing library allows a malicious script to break out of the sandbox and execute arbitrary code in the host Node.js process. CVE-2026-26956 affects all vm2 versions prior to 3.9.22 and is present in any application using vm2 to safely execute untrusted code — including serverless platforms, coding challenge sites, CI/CD systems, and plugin architectures. 
A PoC is publicly available.</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate><category>nodejs</category><category>vm2</category><category>sandbox-escape</category><category>cve</category><category>javascript</category><category>supply-chain</category><category>serverless</category><category>code-execution</category></item><item><title>108 Malicious Chrome Extensions Exfiltrating Browser Data Removed from Web Store</title><link>https://cipherwatch.io/articles/2026-05-04-108-malicious-chrome-extensions-data-theft/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-04-108-malicious-chrome-extensions-data-theft/</guid><description>Google has removed 108 extensions from the Chrome Web Store after researchers identified a coordinated malicious extension campaign conducting browser credential harvesting, session cookie theft, and clipboard monitoring across millions of installations. The extensions impersonated productivity tools, ad blockers, and security tools — with some active for over 18 months before detection. 
Enterprise Chrome deployments should audit installed extensions against the published IOC list.</description><pubDate>Mon, 04 May 2026 00:00:00 GMT</pubDate><category>chrome-extensions</category><category>browser-security</category><category>data-theft</category><category>credential-harvesting</category><category>google</category><category>supply-chain</category><category>enterprise-browsers</category></item><item><title>PyTorch Lightning PyPI Package Compromised — Credential-Stealing Payload Delivered to AI/ML Development Environments</title><link>https://cipherwatch.io/articles/2026-05-02-pytorch-lightning-pypi-supply-chain-compromise/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-02-pytorch-lightning-pypi-supply-chain-compromise/</guid><description>PyTorch Lightning versions 2.6.2 and 2.6.3 on PyPI were found to contain a credential-stealing postinstall payload, extending the Mini Shai-Hulud supply chain campaign that previously compromised SAP&apos;s official npm packages. 
Organisations running AI/ML workloads should audit Python environments and rotate any credentials stored on affected development or CI/CD systems.</description><pubDate>Sat, 02 May 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>pypi</category><category>pytorch</category><category>ai-ml</category><category>credential-theft</category><category>developer-security</category><category>mini-shai-hulud</category></item><item><title>GitHub Enterprise Server CVE-2026-3854 — Critical RCE via Single Git Push, No Authentication Required</title><link>https://cipherwatch.io/articles/2026-05-01-github-enterprise-server-cve-2026-3854-rce/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-05-01-github-enterprise-server-cve-2026-3854-rce/</guid><description>CVE-2026-3854, a critical-severity remote code execution vulnerability in GitHub Enterprise Server, allows an attacker to execute arbitrary code on the server with a single specially crafted Git push, requiring no authentication. Any internet-exposed or internally-accessible GHES instance is vulnerable. GitHub has released hotfixes across all supported branches; apply immediately.</description><pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate><category>github-enterprise</category><category>cve-2026-3854</category><category>rce</category><category>git</category><category>devops-security</category><category>source-code-security</category><category>ci-cd</category></item><item><title>Jenkins GitHub Plugin CVE-2026-42523 — CVSS 9.0 Stored XSS Enables Pipeline Hijacking and Secret Extraction</title><link>https://cipherwatch.io/articles/2026-04-30-jenkins-github-plugin-cve-2026-42523-stored-xss/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-30-jenkins-github-plugin-cve-2026-42523-stored-xss/</guid><description>CVE-2026-42523, rated CVSS 9.0, is a stored cross-site scripting vulnerability in the Jenkins GitHub Plugin 1.46.0 and earlier. 
Exploitation allows an attacker with job creation rights to inject malicious JavaScript that executes in the browser of any Jenkins administrator who views the affected job — enabling session hijacking, secret extraction, and full pipeline takeover. Update to GitHub Plugin 1.46.1 or later.</description><pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate><category>jenkins</category><category>github-plugin</category><category>cve-2026-42523</category><category>xss</category><category>ci-cd</category><category>pipeline-security</category><category>devops-security</category></item><item><title>Official SAP npm Packages Compromised to Steal Enterprise Developer Credentials</title><link>https://cipherwatch.io/articles/2026-04-30-sap-npm-supply-chain-credential-theft/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-30-sap-npm-supply-chain-credential-theft/</guid><description>Threat actors compromised official SAP npm packages to insert credential-harvesting code targeting enterprise developers working on SAP integration projects. The malicious packages exfiltrate environment variables, SSH keys, and cloud credentials from developer workstations. 
Enterprise teams using SAP npm packages in their CI/CD pipelines should audit package integrity and rotate potentially exposed credentials.</description><pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate><category>sap</category><category>npm</category><category>supply-chain</category><category>credential-theft</category><category>developer-security</category><category>package-manager</category></item><item><title>Apache Thrift 0.23.0 Patches Out-of-Bounds Read (CVE-2026-41604) and Node.js Uncontrolled Recursion DoS (CVE-2026-41636)</title><link>https://cipherwatch.io/articles/2026-04-29-apache-thrift-cve-2026-41604-41636-oob-read-nodejs-dos/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-29-apache-thrift-cve-2026-41604-41636-oob-read-nodejs-dos/</guid><description>Apache Thrift 0.23.0 addresses two vulnerabilities: CVE-2026-41604, an out-of-bounds read in the binary protocol parser affecting all language bindings that can crash Thrift-based services and potentially leak memory contents; and CVE-2026-41636, an uncontrolled recursion flaw in the Node.js library that enables remote denial of service via deeply nested Thrift structures. 
Organisations operating Thrift-based microservices or inter-service RPC should upgrade to 0.23.0.</description><pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate><category>apache-thrift</category><category>rpc</category><category>cve-2026-41604</category><category>cve-2026-41636</category><category>out-of-bounds</category><category>denial-of-service</category><category>nodejs</category><category>microservices</category></item><item><title>Spring AI CVE-2026-40978 and CVE-2026-40967 — SQL Injection and Filter Expression Injection in RAG Vector Store Components</title><link>https://cipherwatch.io/articles/2026-04-29-spring-ai-cve-2026-40978-40967-cosmosdb-sql-injection/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-29-spring-ai-cve-2026-40978-40967-cosmosdb-sql-injection/</guid><description>Two injection vulnerabilities in Spring AI&apos;s vector store integration layer affect AI applications using retrieval-augmented generation pipelines. CVE-2026-40978 (CVSS 8.8) allows SQL injection through the CosmosDB vector store component; CVE-2026-40967 (CVSS 8.6) enables filter expression injection in the FilterExpressionConverter used across multiple backends. 
Both flaws affect Spring AI 1.0.x and 1.1.x and are patched in 1.1.5.</description><pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate><category>spring-ai</category><category>sql-injection</category><category>rag</category><category>vector-store</category><category>cve-2026-40978</category><category>cve-2026-40967</category><category>ai-security</category><category>java</category></item><item><title>Spring Boot 4.0 CVE-2026-40976 — Default Security Misconfiguration Exposes All Actuator Endpoints Unauthenticated</title><link>https://cipherwatch.io/articles/2026-04-29-spring-boot-cve-2026-40976-actuator-auth-bypass/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-29-spring-boot-cve-2026-40976-actuator-auth-bypass/</guid><description>CVE-2026-40976 in Spring Boot 4.0.0 through 4.0.5 allows unauthenticated network access to all Spring Boot Actuator management endpoints when applications rely on the default Spring Security auto-configuration but omit the spring-boot-health dependency. Exposed endpoints include heapdump, env, mappings, and loggers — enough to extract secrets and manipulate application behaviour. 
Upgrade to Spring Boot 4.0.6 or later.</description><pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate><category>spring-boot</category><category>actuator</category><category>cve-2026-40976</category><category>auth-bypass</category><category>java</category><category>enterprise-framework</category></item><item><title>Hugging Face LeRobot CVE-2026-25874 — Critical Unpatched RCE via Pickle Deserialization in Unauthenticated gRPC Endpoint</title><link>https://cipherwatch.io/articles/2026-04-28-hugging-face-lerobot-cve-2026-25874-rce/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-28-hugging-face-lerobot-cve-2026-25874-rce/</guid><description>A critical unpatched remote code execution vulnerability in Hugging Face&apos;s LeRobot robotics AI framework allows unauthenticated attackers to execute arbitrary code on any server running the gRPC control interface. CVE-2026-25874, rated CVSS 9.3, affects the project&apos;s dataset loading and remote control pipeline via Python pickle deserialization. 
No patch is available; mitigations focus on network isolation.</description><pubDate>Tue, 28 Apr 2026 00:00:00 GMT</pubDate><category>hugging-face</category><category>lerobot</category><category>cve-2026-25874</category><category>pickle-deserialization</category><category>rce</category><category>ai-security</category><category>unpatched</category></item><item><title>SAP April 2026 Patch Day: CVE-2026-34256 ABAP Code-Overwrite Lets Authenticated Attacker Sabotage Core ERP Functions</title><link>https://cipherwatch.io/articles/2026-04-27-sap-april-2026-patch-day-cve-2026-34256-abap/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-27-sap-april-2026-patch-day-cve-2026-34256-abap/</guid><description>SAP&apos;s April 2026 Security Patch Day includes a fix for CVE-2026-34256, an ABAP code-overwrite vulnerability rated CVSS 7.1 that allows an authenticated attacker with low-privilege access to modify executable ABAP programme objects, potentially corrupting core business logic in SAP ERP, S/4HANA, and BW systems. The flaw requires no special administrative roles and affects all SAP NetWeaver ABAP Server releases through the current patched version.</description><pubDate>Mon, 27 Apr 2026 00:00:00 GMT</pubDate><category>sap</category><category>abap</category><category>cve-2026-34256</category><category>erp</category><category>code-integrity</category><category>april-patch-day</category></item><item><title>DPRK&apos;s Sapphire Sleet Backdoors Axios npm Package: 100 Million Weekly Downloads at Risk</title><link>https://cipherwatch.io/articles/2026-04-26-axios-npm-supply-chain-sapphire-sleet-dprk-cisa/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-26-axios-npm-supply-chain-sapphire-sleet-dprk-cisa/</guid><description>North Korea&apos;s Sapphire Sleet compromised an axios npm maintainer account on March 31, publishing backdoored versions 1.14.1 and 0.30.4 that delivered a cross-platform RAT during a three-hour exposure window. 
Axios has approximately 100 million weekly downloads. CISA issued Advisory AA26-110A on April 20 — organisations that ran npm installs during the window should treat their CI/CD pipeline as compromised and rotate all secrets immediately.</description><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>npm</category><category>dprk</category><category>sapphire-sleet</category><category>rat</category><category>cisa-advisory</category><category>actively-exploited</category></item><item><title>CanisterSprawl: Self-Propagating npm Worm Steals Developer Credentials and Re-Infects Package Ecosystems</title><link>https://cipherwatch.io/articles/2026-04-26-canistersprawl-self-propagating-npm-worm/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-26-canistersprawl-self-propagating-npm-worm/</guid><description>Researchers discovered CanisterSprawl, a self-propagating npm supply chain worm attributed to TeamPCP that compromised at least 16 packages including pgserve and @automagik/genie. A postinstall hook harvests npm tokens, cloud credentials, SSH keys, and AI tool configs, exfiltrating to a blockchain canister before using stolen tokens to inject the worm into every other package owned by the compromised developer. 
Organisations should audit postinstall scripts and rotate all credentials from affected development environments.</description><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>npm</category><category>worm</category><category>teamPCP</category><category>credential-theft</category><category>developer-security</category><category>blockchain-exfiltration</category></item><item><title>LMDeploy RCE Vulnerability CVE-2026-33626 Weaponised in the Wild 13 Hours After Disclosure</title><link>https://cipherwatch.io/articles/2026-04-25-lmdeploy-cve-2026-33626-rce-exploited-13-hours/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-25-lmdeploy-cve-2026-33626-rce-exploited-13-hours/</guid><description>A critical remote code execution flaw in LMDeploy, a widely used LLM inference serving framework, was exploited in active attacks just 13 hours after public disclosure. Organisations running self-hosted AI inference infrastructure must treat these platforms with the same urgency as any internet-exposed web application server — because attackers already do.</description><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>lmdeploy</category><category>llm-infrastructure</category><category>rce</category><category>actively-exploited</category><category>deserialization</category></item><item><title>KTransformers AI Inference Framework Exposes Unauthenticated RCE via Pickle Deserialization — CVSS 9.8</title><link>https://cipherwatch.io/articles/2026-04-24-ktransformers-ai-framework-unauthenticated-rce-cve-2026-26210/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-24-ktransformers-ai-framework-unauthenticated-rce-cve-2026-26210/</guid><description>CVE-2026-26210 is a CVSS 9.8 pre-authentication RCE in KTransformers, a popular AI inference acceleration framework. 
The scheduler&apos;s ZMQ ROUTER socket binds to all interfaces with no authentication and deserialises arbitrary pickle payloads — any network-reachable host can execute code on the inference server.</description><pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>rce</category><category>deserialization</category><category>python</category><category>open-source</category></item><item><title>TeamPCP Supply Chain Campaign Expands to npm and Docker Hub — Bitwarden CLI and Checkmarx KICS Both Backdoored</title><link>https://cipherwatch.io/articles/2026-04-24-teampcp-supply-chain-bitwarden-cli-checkmarx-kics-npm-docker/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-24-teampcp-supply-chain-bitwarden-cli-checkmarx-kics-npm-docker/</guid><description>The TeamPCP supply chain threat group has extended its campaign beyond GitHub Actions and PyPI to poison the @bitwarden/cli npm package and overwrite Checkmarx KICS Docker images and VS Code extensions. 
The campaign now spans four developer distribution channels across six weeks, deploying a self-propagating worm that exfiltrates SSH keys, cloud credentials, and MCP configuration files from compromised developer environments.</description><pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>npm</category><category>docker</category><category>vscode</category><category>bitwarden</category><category>checkmarx</category><category>teampcp</category><category>credential-theft</category></item><item><title>Marimo AI Notebook RCE CVE-2026-39987 Exploited at Scale — 662 Events in Three Days, NKAbuse Malware Deployed</title><link>https://cipherwatch.io/articles/2026-04-23-marimo-rce-cve-2026-39987-mass-exploitation-nkabuse/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-23-marimo-rce-cve-2026-39987-mass-exploitation-nkabuse/</guid><description>CVE-2026-39987 (CVSS 9.3) in the Marimo Python notebook has been weaponised at scale, with Sysdig recording 662 exploitation events over three days and attackers completing credential theft within minutes of gaining access. The unauthenticated WebSocket RCE is being used to deploy NKAbuse, a multi-platform malware using the NKN peer-to-peer network for command and control. 
Upgrade to Marimo 0.23.0 immediately.</description><pubDate>Thu, 23 Apr 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>rce</category><category>cve-2026-39987</category><category>marimo</category><category>python-notebook</category><category>nkabuse</category><category>active-exploitation</category></item><item><title>Microsoft Issues Emergency Patch for ASP.NET Core DataProtection Key Exposure — CVE-2026-40372</title><link>https://cipherwatch.io/articles/2026-04-22-aspnet-core-dataprotection-cve-2026-40372/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-22-aspnet-core-dataprotection-cve-2026-40372/</guid><description>A critical security regression in Microsoft.AspNetCore.DataProtection (CVSS 9.1) introduced in .NET 10.0.0 causes encryption keys to leak on Linux deployments. Applications using cookie authentication, anti-forgery tokens, or TempData are at immediate risk. Update to .NET 10.0.7 now.</description><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate><category>asp-net-core</category><category>microsoft</category><category>cve-2026-40372</category><category>out-of-band-patch</category><category>dotnet</category><category>key-exposure</category></item><item><title>Cohere Terrarium AI Sandbox Escape — CVSS 9.3 WebAssembly Flaw Allows Root Code Execution on Host</title><link>https://cipherwatch.io/articles/2026-04-22-cohere-terrarium-sandbox-escape-cve-2026-5752/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-22-cohere-terrarium-sandbox-escape-cve-2026-5752/</guid><description>CVE-2026-5752 (CVSS 9.3) in Cohere Terrarium allows an attacker to escape the Pyodide WebAssembly sandbox via JavaScript prototype chain traversal, achieving root code execution on the host Node.js process. 
Organisations running AI code execution environments should patch immediately and network-isolate these workloads.</description><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>sandbox-escape</category><category>webassembly</category><category>cve-2026-5752</category><category>cohere</category><category>llm-security</category><category>prototype-chain</category></item><item><title>Google Antigravity AI Coding Assistant Had Two Chained Vulnerabilities — Prompt Injection to RCE and Reinstall-Surviving Backdoor</title><link>https://cipherwatch.io/articles/2026-04-22-google-antigravity-ide-prompt-injection-rce/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-22-google-antigravity-ide-prompt-injection-rce/</guid><description>Mindgard researchers discovered two vulnerabilities in Google&apos;s Antigravity AI coding assistant: a prompt injection via the find_by_name tool that bypasses Strict Mode to achieve code execution, and a persistent backdoor via workspace trust that survives reinstallation of the IDE extension. Google has patched both; update immediately and audit workspace trust settings.</description><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate><category>ai-coding-assistant</category><category>prompt-injection</category><category>rce</category><category>google</category><category>workspace-security</category><category>persistent-backdoor</category></item><item><title>Vercel Confirms Breach via Compromised AI Tool — Developer Environment Variables and Credentials Exposed</title><link>https://cipherwatch.io/articles/2026-04-20-vercel-breach-context-ai-lumma-stealer-developer-supply-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-20-vercel-breach-context-ai-lumma-stealer-developer-supply-chain/</guid><description>Cloud deployment platform Vercel has confirmed a breach traced to a Lumma infostealer infection at Context.ai, a third-party AI tool used by a Vercel employee. 
Attackers used the stolen Google Workspace OAuth access to reach Vercel&apos;s internal environments, exposing environment variables and a limited set of customer credentials. ShinyHunters is claiming responsibility and demanding $2 million for the stolen data.</description><pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate><category>vercel</category><category>supply-chain</category><category>lumma-stealer</category><category>shinyhunters</category><category>infostealer</category><category>oauth</category><category>developer-credentials</category><category>ci-cd</category><category>environment-variables</category><category>third-party-risk</category></item><item><title>Five-Year-Old ShowDoc RCE Flaw CVE-2025-0520 (CVSS 9.4) Now Under Active Exploitation — Over 2,000 Instances Exposed</title><link>https://cipherwatch.io/articles/2026-04-19-showdoc-cve-2025-0520-rce-exploitation/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-19-showdoc-cve-2025-0520-rce-exploitation/</guid><description>Threat actors are actively exploiting CVE-2025-0520, a critical unauthenticated remote code execution vulnerability in ShowDoc — an IT documentation tool used by developers and operations teams. The flaw, patched in October 2020 but present in thousands of unupgraded installations, allows file upload exploitation to deploy web shells. 
More than 2,000 publicly accessible ShowDoc instances remain vulnerable.</description><pubDate>Sun, 19 Apr 2026 00:00:00 GMT</pubDate><category>rce</category><category>showdoc</category><category>documentation-tool</category><category>web-shell</category><category>n-day-exploitation</category><category>unpatched</category><category>devops</category><category>file-upload</category></item><item><title>nginx-ui CVE-2026-33032 Actively Exploited — Unauthenticated Full Server Takeover</title><link>https://cipherwatch.io/articles/2026-04-16-nginx-ui-cve-2026-33032-mcp-endpoint-rce/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-16-nginx-ui-cve-2026-33032-mcp-endpoint-rce/</guid><description>A critical authentication bypass vulnerability (CVSS 9.8) in the nginx-ui web management interface allows any network attacker to take complete control of the underlying Nginx server without credentials. Over 2,600 instances are internet-exposed and the flaw is being actively exploited. Update to version 2.3.4 immediately.</description><pubDate>Thu, 16 Apr 2026 00:00:00 GMT</pubDate><category>rce</category><category>nginx</category><category>nginx-ui</category><category>authentication-bypass</category><category>mcp</category><category>web-infrastructure</category><category>actively-exploited</category><category>cve-2026-33032</category></item><item><title>Apache ActiveMQ CVE-2026-34197: 13-Year-Old Jolokia API Flaw Enables Unauthenticated RCE</title><link>https://cipherwatch.io/articles/2026-04-10-apache-activemq-rce-jolokia-api/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-10-apache-activemq-rce-jolokia-api/</guid><description>A critical unauthenticated remote code execution vulnerability in Apache ActiveMQ&apos;s Jolokia management API allows attackers to execute arbitrary OS commands by invoking a management MBean. CVE-2026-34197 is rooted in a design flaw present since ActiveMQ 5.x and chains dangerously with CVE-2024-32114. 
Patches are available in ActiveMQ 6.2.3 and 5.19.4.</description><pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate><category>apache</category><category>activemq</category><category>rce</category><category>jolokia</category><category>cve-2026-34197</category><category>unauthenticated</category><category>message-broker</category><category>java</category><category>cve-2024-32114</category></item><item><title>DPRK&apos;s Contagious Interview Campaign Spreads 1,700+ Malicious Packages Across Five Ecosystems</title><link>https://cipherwatch.io/articles/2026-04-10-dprk-contagious-interview-cross-ecosystem-supply-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-10-dprk-contagious-interview-cross-ecosystem-supply-chain/</guid><description>North Korea&apos;s UNC1069 (BlueNoroff) threat group has expanded its Contagious Interview supply chain operation to five package registries — npm, PyPI, Go Modules, crates.io, and Packagist — publishing more than 1,700 malicious packages that deliver a cross-platform infostealer and RAT. 
The operation is the largest coordinated open-source supply chain attack attributed to a nation-state actor.</description><pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate><category>north-korea</category><category>dprk</category><category>unc1069</category><category>bluenoroff</category><category>contagious-interview</category><category>supply-chain</category><category>npm</category><category>pypi</category><category>go</category><category>rust</category><category>php</category><category>malware</category><category>rat</category><category>infostealer</category></item><item><title>Progress ShareFile Pre-Auth RCE Chain Puts 30,000 Exposed Servers at Risk — Patch to 5.12.4</title><link>https://cipherwatch.io/articles/2026-04-09-progress-sharefile-pre-auth-rce-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-09-progress-sharefile-pre-auth-rce-chain/</guid><description>Researchers at watchTowr Labs have disclosed a two-vulnerability chain in Progress ShareFile Storage Zones Controller that enables unauthenticated remote code execution via webshell upload. 
Approximately 30,000 Storage Zone Controller instances are internet-exposed and remain at risk if not patched to version 5.12.4, which was released on 10 March 2026 before full public disclosure of the attack path.</description><pubDate>Thu, 09 Apr 2026 00:00:00 GMT</pubDate><category>sharefile</category><category>progress</category><category>rce</category><category>pre-auth</category><category>webshell</category><category>auth-bypass</category><category>file-upload</category><category>vulnerability-chain</category></item><item><title>Smart Slider 3 Pro Update Infrastructure Compromised — Backdoored Plugin Pushed to 800,000 Sites</title><link>https://cipherwatch.io/articles/2026-04-09-smart-slider-3-pro-wordpress-supply-chain/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-09-smart-slider-3-pro-wordpress-supply-chain/</guid><description>Attackers breached Nextend&apos;s update servers and distributed a fully weaponised backdoor through the official Smart Slider 3 Pro update channel, affecting WordPress and Joomla sites that auto-updated between 7–8 April 2026. 
The compromised version 3.5.1.35 creates rogue admin accounts, drops persistent remote access tools, and exfiltrates credentials — all delivered through the trusted plugin update mechanism.</description><pubDate>Thu, 09 Apr 2026 00:00:00 GMT</pubDate><category>wordpress</category><category>joomla</category><category>supply-chain</category><category>plugin</category><category>smart-slider</category><category>nextend</category><category>backdoor</category><category>cms</category><category>web-security</category><category>cve</category></item><item><title>CVSS 10.0 Flowise RCE Actively Exploited Across 12,000 Exposed Instances</title><link>https://cipherwatch.io/articles/2026-04-07-flowise-rce-cve-2025-59528-exploited/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-04-07-flowise-rce-cve-2025-59528-exploited/</guid><description>CVE-2025-59528, a maximum-severity remote code execution vulnerability in the Flowise AI workflow platform, is being actively exploited in the wild. 
Over 12,000 internet-exposed instances remain unpatched, allowing attackers to execute arbitrary JavaScript on host machines and extract API keys, credentials, and configuration secrets.</description><pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate><category>rce</category><category>flowise</category><category>ai-platform</category><category>cve-2025-59528</category><category>supply-chain</category><category>api-keys</category><category>mcp</category></item><item><title>Langflow RCE CVE-2026-33017 Exploited Within 20 Hours, Added to CISA KEV</title><link>https://cipherwatch.io/articles/2026-03-30-langflow-cve-2026-33017-rce-cisa-kev/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-03-30-langflow-cve-2026-33017-rce-cisa-kev/</guid><description>A critical unauthenticated remote code execution vulnerability in Langflow AI pipeline builder was exploited in the wild within 20 hours of disclosure, with attackers harvesting API keys for OpenAI, Anthropic, and AWS from compromised instances. CISA added CVE-2026-33017 to the Known Exploited Vulnerabilities catalogue on 26 March, making patching mandatory for US federal agencies.</description><pubDate>Mon, 30 Mar 2026 00:00:00 GMT</pubDate><category>langflow</category><category>rce</category><category>unauthenticated</category><category>ai-security</category><category>cisa-kev</category><category>cve-2026-33017</category><category>llm</category><category>api-key-theft</category></item><item><title>TeamPCP Backdoors LiteLLM on PyPI — AI Gateway Package With 3 Million Daily Downloads Compromised</title><link>https://cipherwatch.io/articles/2026-03-30-litellm-pypi-supply-chain-teampcp/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-03-30-litellm-pypi-supply-chain-teampcp/</guid><description>The LiteLLM Python package — a widely-deployed AI gateway library with three million daily downloads — was backdoored on PyPI on 24 March by threat actor TeamPCP. 
Malicious versions 1.82.7 and 1.82.8 deployed a three-stage payload stealing cloud credentials, Kubernetes secrets, and CI/CD tokens from any system that installed the package during a 40-minute window.</description><pubDate>Mon, 30 Mar 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>pypi</category><category>litellm</category><category>teampcp</category><category>credential-theft</category><category>kubernetes</category><category>ai-security</category><category>cicd</category><category>backdoor</category></item><item><title>Craft CMS CVSS 10 Code Injection CVE-2025-32432 Added to CISA KEV</title><link>https://cipherwatch.io/articles/2026-03-24-craft-cms-cve-2025-32432-cisa-kev-rce/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-03-24-craft-cms-cve-2025-32432-cisa-kev-rce/</guid><description>CISA added CVE-2025-32432, a maximum-severity code injection vulnerability in Craft CMS, to its Known Exploited Vulnerabilities catalogue on 20 March 2026. The flaw allows unauthenticated remote attackers to execute arbitrary code on any publicly accessible Craft CMS installation. 
Exploitation has been ongoing since at least February 2025 and the Mimo threat actor has been actively using it to deploy cryptocurrency miners and residential proxy malware.</description><pubDate>Tue, 24 Mar 2026 00:00:00 GMT</pubDate><category>craft-cms</category><category>rce</category><category>unauthenticated</category><category>code-injection</category><category>cisa-kev</category><category>cve-2025-32432</category><category>cms</category><category>web-application</category><category>mimo</category></item><item><title>Trivy Security Scanner Hijacked — 75 GitHub Action Tags Redirected to Credential Stealer</title><link>https://cipherwatch.io/articles/2026-03-24-trivy-supply-chain-cve-2026-33634-cicd-attack/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-03-24-trivy-supply-chain-cve-2026-33634-cicd-attack/</guid><description>The widely-used Aqua Security Trivy vulnerability scanner was compromised in a supply chain attack that replaced 75 version tags in the official trivy-action and setup-trivy GitHub Actions with credential-stealing malware. Threat actor TeamPCP leveraged non-atomic secret rotation to retain access after an initial February compromise, launching a second attack wave on 19 March. 
Any CI/CD pipeline that ran trivy-action or setup-trivy during the compromise window may have had cloud credentials, API tokens, and SSH keys exfiltrated.</description><pubDate>Tue, 24 Mar 2026 00:00:00 GMT</pubDate><category>trivy</category><category>github-actions</category><category>supply-chain</category><category>cicd</category><category>credential-theft</category><category>teampcp</category><category>cve-2026-33634</category><category>aqua-security</category><category>devops</category></item><item><title>Google Patches Two Actively Exploited Chrome Zero-Days — CISA Orders Federal Agencies to Update by 27 March</title><link>https://cipherwatch.io/articles/2026-03-22-chrome-zero-days-cve-2026-3909-3910-cisa-kev/</link><guid isPermaLink="true">https://cipherwatch.io/articles/2026-03-22-chrome-zero-days-cve-2026-3909-3910-cisa-kev/</guid><description>Google released an emergency Chrome update on 13 March addressing two zero-day vulnerabilities — an out-of-bounds write in Skia and a V8 sandbox escape — both confirmed as exploited in the wild. CISA added both to the Known Exploited Vulnerabilities catalogue the same day with a 27 March federal remediation deadline.</description><pubDate>Sun, 22 Mar 2026 00:00:00 GMT</pubDate><category>zero-day</category><category>chrome</category><category>browser-security</category><category>cisa-kev</category><category>actively-exploited</category><category>google</category><category>skia</category><category>v8</category></item></channel></rss>