2+ hour, 59+ min ago  (536+ words) A newly disclosed critical vulnerability, tracked as CVE-2026-48710 and dubbed "Bad Host," is putting thousands of AI-powered applications at risk by enabling authentication bypass through manipulated HTTP headers. The flaw affects Starlette versions before 1. 0. 1, a core framework widely used in…...

13+ hour, 57+ min ago  (249+ words) The anonymous researcher known as Nightmare-Eclipse has been blocked from two major code-hosting platforms in less than a week, as their disruptive public zero-day campaign against Microsoft draws serious real-world consequences. Git Lab moved to suspend the account of security…...

14+ hour, 25+ min ago  (375+ words) A series of newly documented vulnerabilities in ISC BIND 9 has raised significant security concerns for DNS infrastructure operators, with multiple flaws enabling denial-of-service (Do S) attacks, memory corruption, and potential remote exploitation. The latest entries in the BIND 9 Software Vulnerability Matrix…...

14+ hour, 26+ min ago  (416+ words) India's national computer emergency response agency CERT-In has warned enterprises to patch high-risk vulnerabilities on internet-facing and critical systems within 12 hours of discovery or active exploitation. The directive comes as AI-assisted attacks continue to reduce exploitation timelines, increasing pressure on…...

15+ hour, 8+ min ago  (437+ words) Anthropic has launched a security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production. The plugin is free for all users and available…...

1+ day, 1+ hour ago  (701+ words) A newly discovered Linux malware known as Quasar Linux, or QLNX, is actively targeting software developers and Dev Ops engineers with a level of sophistication rarely seen in Linux-focused threats. Unlike most malware that relies on files stored on disk,…...

1+ day, 2+ hour ago  (715+ words) A sophisticated China-linked hacking group has been caught targeting edge routers across Southeast Asia, deploying a custom-built Linux implant that gives them deep control over network traffic. The campaign has been rated critical in severity, and its reach extends well…...

1+ day, 52+ min ago  (409+ words) The vulnerabilities arise from insecure handling of user-controlled input and unsafe configuration loading within the extension. Researchers found that attackers can exploit trusted development workflows, such as opening a project or reviewing source code, to execute arbitrary commands on a…...

1+ day, 5+ hour ago  (645+ words) A critical SQL injection flaw in Ghost CMS has been weaponized by at least two threat actor groups to silently poison over 700 websites with Click Fix malware, putting unsuspecting visitors at serious risk. The vulnerability, tracked as CVE-2026-26980, was publicly…...

1+ day, 5+ hour ago  (335+ words) Git Hub experienced a widespread service disruption on May 26, 2026, after authentication failures prevented developers from accessing critical automation services, including Git Hub Actions and Git Hub Pages. According to Git Hub's official status page, the incident began around 10: 57 UTC, when…...