CRITICAL

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

The Hacker News • May 23, 2026

INFO

pnpm 11 Might Finally Be a Better Default Than npm

Reddit r/netsec • May 22, 2026

INFO

Securing The AI Revolution How Snyk And Our Partners Are Scaling For The Future

Snyk • May 21, 2026

MEDIUM

[NEU] [mittel] Adobe Creative Cloud Applikationen: Mehrere Schwachstellen

BSI Germany • May 13, 2026

INFO

Postmortem: TanStack npm supply-chain compromise

Reddit r/netsec • May 12, 2026

INFO

Securing CI/CD for an open source project: lessons from Cilium

Reddit r/netsec • May 08, 2026

INFO

Boost Security acquires 2 startups, raises $4 million for AI defense platform

SC Media • May 08, 2026

INFO

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

The Hacker News • Apr 23, 2026

CRITICAL

Oracle Critical Patch Update, April 2026 Security Update Review

Qualys Research • Apr 22, 2026

INFO

AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?

Recorded Future • Apr 22, 2026

INFO

Nasa CFITSIO Fuzzing: Memory Corruptions and a Codex-Assisted Pipeline

Reddit r/netsec • Apr 20, 2026

INFO

Fracturing Software Security With Frontier AI Models

Unit 42 • Apr 20, 2026

MEDIUM

[NEU] [mittel] Sparx Systems Enterprise Architect: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

BSI Germany • Apr 17, 2026

HIGH

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

The Hacker News • Apr 13, 2026

INFO

A new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.

Reddit r/netsec • Apr 08, 2026

INFO

Year in Review: Vulnerabilities old and new and something React2

Cisco Talos • Apr 07, 2026

HIGH

Software supply chain hacks trigger wave of intrusions, data theft

Help Net Security • Apr 02, 2026

INFO

The Next Era of AppSec: Why AI-Generated Code Needs Offensive Dynamic Testing

Snyk • Mar 20, 2026

INFO

Google Paid Out $17 Million in Bug Bounty Rewards in 2025

SecurityWeek • Mar 13, 2026

HIGH

Vulnérabilité dans GLPI (12 mars 2026)

CERT-FR (ANSSI) • Mar 12, 2026

INFO

If consequences matter, they should apply to vendors, too

CyberScoop • Mar 11, 2026

HIGH

We (at Tachyon) found an auth bypass in MLflow

Reddit r/netsec • Mar 06, 2026

CRITICAL

Patch, track, repeat: The 2025 CVE retrospective

Cisco Talos • Mar 05, 2026

LOW

Security debt is becoming a governance issue for CISOs

Help Net Security • Mar 02, 2026

LOW

Your dependencies are 278 days out of date and your pipelines aren’t protected

Help Net Security • Mar 02, 2026

MEDIUM

I used MCP Ghidra and Claude Code to find 9 kernel driver vulnerabilities on my gaming laptop

Reddit r/netsec • Feb 28, 2026

INFO

Claude Code Security Shows Promise, Not Perfection

Dark Reading • Feb 27, 2026

CRITICAL

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The Hacker News • Feb 25, 2026

INFO

Black Duck expands Polaris platform with unified, automated security across all major SCMs

Help Net Security • Feb 12, 2026

INFO

White House Scraps ‘Burdensome’ Software Security Rules

SecurityWeek • Jan 30, 2026

INFO

We moved fast and broke things. It’s time for a change.

CyberScoop • Feb 02, 2026