New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
TechRound

How Did Cybercriminals Use Fake New York Times Pages To Scam Users?

Researchers at Comparitech want to understand the systems working behind spam emails that promise some sort of reward, whether it’s cash or those health products that claim to perform miracles. So, ...
The Hacker News

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

CVE-2026-23111 is a Linux kernel nf_tables use-after-free that lets an unprivileged local user escalate to root and escape a ...

High-severity vulnerability in Linux caused by a single faulty character

Researchers have analyzed a high-severity vulnerability in Linux that’s able to escalate untrusted users to root by ...

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root ...
SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
Computerworld

Industry

IBM unveils tool to track sovereignty risks for cloud workloads The Sovereignty Risk Profile gives customers greater visibility into where cloud workloads run and how they are secure, IBM says. It’s ...
Ars Technica

Dan Goodin

Ars Technica has been separating the signal from the noise for over 25 years. With our unique combination of technical savvy and wide-ranging interest in the technological arts and sciences, Ars is ...