MESCIUS USA, Inc., a global provider of award-winning enterprise software development tools, is pleased to announce a new product for the Document Solutions product line: Document Solutions PDF JS.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

ONLYOFFICE's latest API update adds document automation, plugin debugging tools, advanced form controls, spreadsheet ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Google is encouraging its database developers to lean "heavily" on AI coding tools as it ramps up contributions to open source projects such as PostgreSQL. Earlier this year, Google announced a raft ...

For more than 20 minutes after deletion, some Google API keys can still be used, apparently creating a major security gap.

All of this led to the subreddit officially being marked NSFW on Monday. Elsewhere, other Reddit communities are continuing ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.

The companion apps for Android and iOS create a security vulnerability in Home Assistant. Attackers could take over instances.

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

The npm package has a module field pointing to an ES module variant of the library, mainly to provide support for ES module aware bundlers, whereas its browser field points to an UMD module for full ...