1. A critical Linux local privilege escalation vulnerability named Copy Fail tracked as CVE-2026-31431 allows unprivileged users to obtain root access (The Hacker News). 2. Official SAP npm packages were compromised in a supply chain attack to steal developer credentials and authentication tokens (Bleeping Computer). 3. Google patched a maximum severity remote code execution flaw in the Gemini CLI npm package and GitHub Actions workflow…
Posts tagged as “zero-day”
1. A cluster of 108 malicious Google Chrome extensions was identified stealing user data and Telegram information from approximately 20000 users (thehackernews.com). 2. The critical ShowDoc remote code execution vulnerability CVE-2025-0520 is currently being actively exploited in the wild (thehackernews.com). 3. CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog including a critical SQL injection flaw in Fortinet FortiClient EMS tracked as CVE-2026-21643 (thehackernews.com).…
1. ShinyHunters compromised Cisco source code and AWS keys by exploiting a supply chain vulnerability in Trivy. The breach resulted in the unauthorized cloning of over 300 repositories (https://www.reddit.com/r/netsec/comments/1sa8nld/cisco_source_code_stolen_by_shinyhunters_via/). 2. Google released a patch for a high severity Chrome zero day vulnerability identified as CVE 2026 5281 which is currently under active exploitation (https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html). 3. Apple expanded the availability of iOS 18.7.7 and iPadOS 18.7.7…