Posts
Researchers at OX Security uncovered "mouse5212-super-formatter," a malicious npm package that exfiltrated files from Claude AI's local directory to GitHub—and that left the attacker's private token sitting in plain sight in its own source code.
obeedt, OscarRV, LuisZavMen
The TeamPCP group (UNC6780) compromised a GitHub employee's device through a trojanized VS Code extension, exfiltrating approximately 3,800 internal repositories from the platform in May 2026.
obeedt, OscarRV, LuisZavMen
An inverted validation flaw in the rxgk module allows local attackers to bypass the Copy-On-Write (COW) mechanism and corrupt the page cache to gain root access.
obeedt, OscarRV, LuisZavMen
A memory handling flaw during data copy operations allows any unprivileged user to gain full control of a Linux system.
obeedt, OscarRV, LuisZavMen
Researchers reveal that CVE-2026-42945, a critical flaw in NGINX's rewrite module, went undetected since 2008. With a CVSS score of 9.2, it allows a remote, unauthenticated attacker to crash servers or execute malicious code on systems without active memory protections.
obeedt, OscarRV, LuisZavMen
CVE-2026-7482, a critical vulnerability in Ollama that allows any remote attacker to extract prompts, environment variables, and API tokens from server memory in just three unauthenticated HTTP requests.
obeedt, OscarRV, LuisZavMen