News
Threat notes, advisories, and quick analysis. Newest first.
News
2026-05-30
CISA Urges Security Teams to Audit Software Development Pipelines After Megalodon Supply‑Chain Attack
CISA warns about the Megalodon supply-chain attack, which injected malicious GitHub Actions into 5,500+ repositories, and about compromise via a poisoned Nx Console VS Code extension, urging security teams to audit workflows and rotate credentials.
cybersecurity
supply-chain
GitHub
CISA
Megalodon

News
2026-05-24
Critical Linux Kernel Cryptographic Template Bug (CVE-2026-31431) Lets Local Users Escalate to Root via Page‑Cache Write
A newly disclosed logic flaw in the kernel’s cryptographic copy‑on‑write mechanism allows any local user to overwrite arbitrary readable files, opening a straightforward path to root privilege escalation.
cve
linux-kernel
privilege-escalation
security
vulnerability

News
2026-05-23
Packagist Supply Chain Attack Infects 8 Packages Using GitHub‑Hosted Linux Malware
A coordinated supply‑chain attack compromised eight Composer packages on Packagist, injecting malware via package.json that downloads and executes a Linux binary from GitHub Releases.
cybersecurity
supply-chain
packagist
malware
github
