DevSecOps Archives • Page 2 of 3 • Daily CyberSecurity

The Mutable Tag Trap: Critical 9.4 CVSS Attack on Xygeni GitHub Action Exposes CI/CD Pipelines Xygeni Tag Poisoning CVE-2026-31976

The Mutable Tag Trap: Critical 9.4 CVSS Attack on Xygeni GitHub Action Exposes CI/CD Pipelines

Do Son March 12, 2026

In a sophisticated supply chain manipulation, the xygeni-action GitHub Action was recently targeted by a critical “tag...

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers Contagious Interview Invisible Ferret

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers

Do Son March 12, 2026

A recent report from Microsoft Defender Experts sheds light on the “Contagious Interview” campaign, a sophisticated social...

Code Red: GitLab’s Latest Security Update Patches High-Severity XSS and API DoS Vulnerabilities GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

Code Red: GitLab’s Latest Security Update Patches High-Severity XSS and API DoS Vulnerabilities

Do Son March 12, 2026

GitLab has released critical security updates—versions 18.9.2, 18.8.6, and 18.7.6—for both Community Edition (CE) and Enterprise Edition...

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets pino-sdk-v2 npm Supply Chain Attack

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets

Do Son March 11, 2026

In the modern development landscape, supply chain attacks remain one of the most effective ways for threat...

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads Claude Code Malvertising Amatera Malware

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads

Do Son March 11, 2026

In the fast-paced world of AI development, “vibe-coding” has become a popular term for rapid, experimental building....

AI vs. Bugs: OpenAI Launches “Codex Security” to Revolutionize AppSec OpenAI Advanced Account Security Phishing-Resistant AI Authentication OpenAI Codex Security AI Application Security

OpenAI Advanced Account Security Phishing-Resistant AI Authentication OpenAI Codex Security AI Application Security

AI vs. Bugs: OpenAI Launches “Codex Security” to Revolutionize AppSec

Do Son March 7, 2026

Recently, OpenAI has officially unveiled Codex Security, an advanced application security agent designed to identify and fix...

The Trojan Prompt: How an Autonomous AI Hijacked Aqua Trivy to Weaponize Developer Copilots AI Prompt Injection Aqua Trivy Breach AI Assistant Apertus, open-source AI .ai domain milestone

AI Prompt Injection Aqua Trivy Breach AI Assistant Apertus, open-source AI .ai domain milestone

The Trojan Prompt: How an Autonomous AI Hijacked Aqua Trivy to Weaponize Developer Copilots

Do Son March 4, 2026

Cybersecurity researchers at Socket have uncovered a sophisticated security breach affecting the popular Aqua Trivy VS Code...

Security Alert: “Hackerbot-Claw” Autonomous Campaign Exploits GitHub Actions hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Security Alert: “Hackerbot-Claw” Autonomous Campaign Exploits GitHub Actions

Do Son March 3, 2026

Christopher Robinson, Chief Technology Officer and Chief Security Architect at the Open Source Security Foundation (OpenSSF), has...

CVE-2026-25592: Critical Semantic Kernel Flaw (CVSS 10.0) Allows File Overwrite Semantic Kernel Vulnerability CVE-2026-25592

CVE-2026-25592: Critical Semantic Kernel Flaw (CVSS 10.0) Allows File Overwrite

Do Son February 10, 2026

Microsoft has issued a critical security advisory for developers using its Semantic Kernel .NET SDK, warning of...

CVE-2026-1868: Critical GitLab Gateway Flaw (CVSS 9.9) Allows RCE GitLab AI Gateway Vulnerability CVE-2026-1868 CVE-2025-0314 GitLab Security Update CVE-2025-9222

CVE-2026-1868: Critical GitLab Gateway Flaw (CVSS 9.9) Allows RCE

Do Son February 8, 2026

GitLab has issued an urgent security alert for organizations running self-hosted versions of its AI Gateway, warning...

Silent Intrusion: “Metro4Shell” Exploited in the Wild Since December Metro4Shell CVE-2025-11953

Silent Intrusion: “Metro4Shell” Exploited in the Wild Since December

Do Son February 4, 2026

A new report from VulnCheck reveals that CVE-2025-11953, a critical flaw in the Metro development server dubbed...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks

Do Son February 4, 2026

Two months after the disclosure of a catastrophic vulnerability in React Server Components, the attack landscape has...

Gatekeeper Breached: 4 Critical Ingress-Nginx Flaws Risk Cluster Secrets Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Gatekeeper Breached: 4 Critical Ingress-Nginx Flaws Risk Cluster Secrets

Do Son February 3, 2026

For Kubernetes administrators, the Ingress-Nginx controller is the trusted gatekeeper, routing traffic from the wild internet to...

Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation Kyverno SSRF Kubernetes Policy Engine Kyverno Privilege Escalation CVE-2026-22039

Kyverno SSRF Kubernetes Policy Engine Kyverno Privilege Escalation CVE-2026-22039

Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation

Do Son January 30, 2026

The maintainers of Kyverno, a popular Kubernetes-native policy engine, have released an urgent security update to address...

Sandbox Shattered: Critical n8n Flaw (CVSS 9.9) Allows Remote Code Execution n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

Sandbox Shattered: Critical n8n Flaw (CVSS 9.9) Allows Remote Code Execution

Do Son January 28, 2026

Security researcher Natan Nehorai of the JFrog Security Research Team has uncovered a critical Remote Code Execution...

“Repo Squatting”: How Hackers Are Using GitHub’s Own Features to Hijack Official Repos GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

“Repo Squatting”: How Hackers Are Using GitHub’s Own Features to Hijack Official Repos

Do Son January 27, 2026

In a clever twist on software supply chain attacks, threat actors are weaponizing a quirk in GitHub’s...

Public Yet Private? Critical Appsmith Flaw Exposes Unpublished Actions (CVSS 9.4) CVE-2026-24042 Appsmith Vulnerability CVE-2026-22794

Public Yet Private? Critical Appsmith Flaw Exposes Unpublished Actions (CVSS 9.4)

Do Son January 23, 2026

A critical security flaw has been discovered in Appsmith, the popular open-source platform used by organizations worldwide...

CVE-2025-60021: Apache bRPC Flaw Opens Door to Remote Command Injection Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

CVE-2025-60021: Apache bRPC Flaw Opens Door to Remote Command Injection

Do Son January 17, 2026

Apache has issued an important fix for bRPC, its industrial-grade C++ RPC framework used to power some...

Node.js Patches Memory Leak and Permission Bypasses CVE-2024-27980 Node.js Vulnerability CVE-2025-55131

Node.js Patches Memory Leak and Permission Bypasses

Do Son January 14, 2026

The Node.js maintainers have kicked off the new year with a critical security release, addressing a trio...

CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild Gogs Vulnerability CVE-2025-8110 CVE-2025-64111

CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild

Do Son January 13, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has added a dangerous new entry to its “Must-Patch” list,...